CSO/Leadership

 

 

https://sm.asisonline.org/Pages/Editor's-Note---Awareness.aspx
Editor's Note: Awareness
Strategic Security
2018-04-01T04:00:00Z
https://adminsm.asisonline.org/pages/teresa-anderson.aspx, Teresa Anderson
<p>According to ecological researchers, up to 75 percent of global tropical savannas are burned annually. The savannas of northern Australia make up 12 percent of such landscapes in the world. This destruction can threaten global environmental health. As reported in a 2015 paper "Fire in Australian Savannas," published in the journal <em>Global Change Biology</em>, fire is "arguably the greatest natural and anthropogenic environmental disturbance," to these regions.</p>
<p>Until recently, scientists thought they knew the main risks of fire in the Australian savanna—lightning and people. However, new research suggests another risk factor: birds.</p>
<p>In 2011, researchers started observing the behavior of local birds, called firehawks by the indigenous population. The black kite, the whistling kite, and the brown falcon were all alleged to carry smoldering sticks from burning savanna to a new, unaffected area, thus spreading the fire. The birds, scientists said, do this individually and in groups.</p>
<p>The researchers explained the purpose of the behavior in their article "Intentional Fire-Spreading by 'Firehawk' Raptors in Northern Australia," in the Journal of Ethnobiology in December 2017. The birds flush small rodents and reptiles out of their hiding places and toward a group of waiting raptors. Once the birds have feasted, they repeat the behavior, bringing burning sticks to another pristine part of the savanna.</p>
<p>Fire-spreading birds have been accepted as a threat by those living in the area for tens of thousands of years, but scientists long discounted the phenomenon as folklore. "Though Aboriginal rangers and others who deal with bushfires take into account the risks posed by raptors that cause controlled burns to jump across firebreaks, official skepticism about the reality of avian fire-spreading hampers effective planning for landscape management and restoration," wrote the researchers.</p>
<p>The raptor behavior revealed a significant risk factor for bushfires that was previously unaccepted, if not totally unknown. In this issue of Security Management, you'll find stories of security professionals doing the same type of discovery—gleaning threat information from a variety of sources both traditional and innovative.</p>
<p>In our cover story, Brad Spicer of SafePlans explores how security professionals, including unarmed security officers, can use awareness techniques to spot suspicious behavior before violence breaks out. A comprehensive risk management posture for the maritime industry is the topic for authors Marie-Helen Maras and Lauren R. Shapiro.</p>
<p>Doug Powell, CPP, PSP, security project manager for BC Hydro, sat down with Security Management to talk about best practices around risk management. If something goes wrong with security, he says, "the error lies in either the company's risk profile or its implementation of mitigation procedures."</p>
<p>Powell argues that outliers, be they black swans or fire-wielding raptors, are no excuse for a poor risk posture.</p>


 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Five-Insights-on-ESRM.aspx
Five Insights on ESRM
<p>There are five overall concepts that provide guidance about the nature of enterprise security risk management (ESRM). These concepts describe what ESRM is, what it can do for security managers, how security can gain C-suite approval for it, and how to implement a vibrant ESRM program for the enterprise.</p>
<h4>ESRM Is a Philosophy</h4>
<p>ESRM is not a standard, nor is it a rigid set of rules to follow. ESRM is a philosophy of managing security. It is based on standard risk management practices, the same ones that guide most of the other business decisions made by the enterprise. It requires partnership with the business leaders in the organization.</p>
<p>This philosophy gives the security leader the ability to manage security risks. This ability is not based on the latest incident or scare in the news, nor is it based simply on the manager’s own ideas of what is most important to protect. Instead, it is based on a shared understanding of what the business deems critical for risk mitigation, and what level of risk the business is willing to accept in different areas. This ability also requires that the business fully understand why the security risk mitigation tactics have been put in place, and what the impact of not having those mitigations might be.</p>
<p>The emphasis here is on business. ESRM philosophy recognizes that security risk does not belong to security. It is a business risk, like any other financial, operational, or regulatory risk, and final decisions on managing that risk must belong to the business leaders. That shift in understanding sets a security program up for a greater level of success because security leaders are delivering only what the business needs, and, more important, what the C-suite understands that it needs.</p>
<h4>ESRM Is a Process</h4>
<p>ESRM is not merely an academic philosophy. A general approach for setting up and running a security program can be derived from it. Under that approach, ESRM in action is a cyclical program, and the cycle of risk management is ongoing:</p>
<p>1. Identify and prioritize the assets of an organization that need to be protected.</p>
<p>2. Identify and prioritize the security threats that the enterprise and its assets face—both existing and emerging—and the risks associated with those threats.</p>
<p>3. Take the necessary, appropriate, and realistic steps to protect and mitigate the most serious security threats and risks.</p>
<p>4. Conduct incident monitoring, incident response, and post-incident review, and apply the lessons learned to advance the program.</p>
<h4>ESRM Aligns with the Business</h4>
<p>Aligning the security program with business requirements is the most critical component of the ESRM philosophy. This means that the security program must receive governance and guidance from the business. We recommend the formation of a security council to ensure this alignment.</p>
<p>There are several ways to implement a council. It could be a loose, informal group that provides input as needed, or it could be a board-level initiative that has formal roles, meetings, charters, and documented responsibilities for ensuring security compliance. The council can be a venue for discussing security topics and risk management strategies, and it can host resolution attempts for conflicts in the process.</p>
<h4>ESRM Covers All Security</h4>
<p>There is no aspect of security that cannot be managed in alignment with the ESRM philosophy. Many security professionals already practice much of the ESRM philosophy without thinking of it that way. For example, performing a physical security risk assessment on a facility is equivalent to the ESRM steps of identifying and prioritizing assets and risk. And setting up a crisis management plan can be considered an aspect of ESRM risk mitigation, as well as incident response.</p>
<p>The critical difference between programs that do these activities as part of a traditional security program versus an ESRM program is the consistency of approach in ESRM. In ESRM, these activities are not performed on an ad hoc basis but consistently across all areas of security risk. They are not applied to one area of the organization and not to another. And, vitally, they are not performed in a vacuum by security and for security, but in full partnership with the business leaders driving the decision-making process for all risk mitigation.</p>
<h4>ESRM Is Possible</h4>
<p>Implementing ESRM cannot be done overnight. It’s an iterative process that allows your security program to evolve over time into a pure risk management approach. For the security manager, the first step to fully understanding the ESRM philosophy is to communicate it to the executives and business leaders in the enterprise.</p>
<p>When implemented thoughtfully and practiced consistently, ESRM can completely change the view of the security function in any organization. The old view of security as “the department of no” will shift when business leaders understand that security is a partner in ensuring that the assets and functions of the enterprise most critical to the business are protected in accordance with exactly how much risk the business is willing to tolerate.</p>
<p><strong><em>Rachelle Loyear</em></strong><em> is ESRM Program Manager for G4S and chair of the ASIS Crime Management and Business Continuity Council. </em><strong><em>Brian J. Allen, Esq., CPP,</em></strong><em> is a member of the ASIS ESRM Commission. Allen and Loyear are coauthors of </em>The Manager's Guide to Enterprise Security Risk Management <em>and the forthcoming book </em>Enterprise Security Risk Management: Concepts and Applications.</p>
Strategic Security
https://sm.asisonline.org/Pages/What's-New-in-Access-Control.aspx
What's New in Access Control?
<p>Innovation in access control is quietly heating up. The industry is ready to implement innovations on a broad scale that have been just out of reach. Demand for virtual credentials is growing, facial recognition technology is both technically and economically feasible, and migration to the cloud is increasing—and increasingly beneficial. Over the next few years, market adoption of these advances will transform the ways security professionals operate and organizations benefit from their access control systems.</p>
<p><strong>Virtual credentials and mobile access technology</strong></p>
<p>The demand for virtual credentials and mobile access is intensifying, driven in part by younger members of the workforce who never go anywhere without their smartphones. Suffice to say, most employees wouldn't turn their cars around for a forgotten physical credential, but they'll certainly restart their commutes to collect forgotten smartphones.</p>
<p>The benefits are simple: convenience, compliance, and satisfaction of workforce demand. Everyone carries their phone, security professionals enhance their management capabilities, and employees can stay on the move. By including the credential in a mobile device, embedded in an app, organizations can also provide novel security capabilities, such as threat reporting and virtual photo ID.</p>
<p>The good news is that virtual credentials and mobile access technology have progressed to the point that they are easier to implement. Migration is straightforward, and implementation does not need to be all-or-nothing. Instead it can be taken in phases leading to an interim hybrid approach that includes physical and virtual credentials.</p>
<p><strong>Facial recognition</strong></p>
<p>Facial recognition offers the advantage of using existing access control rules, while reducing the friction of the user experience.</p>
<p>Picture a busy New York City high-rise office building with turnstiles that control access to an elevator lobby. There are always a few employees who have to search their pockets or backpacks to fish out a physical credential. Implementing facial recognition eliminates that bottleneck. The software scans people as they approach the turnstile and transmits a virtual credential to the access control system. Where a line might otherwise have formed, authorized employees now pass through turnstiles efficiently.</p>
<p>Facial recognition access control is no longer out of reach. Today's computing power can be combined with increasingly high-definition cameras and advanced recognition algorithms to bring the costs of implementation way down.</p>
<p><strong>Access control in the cloud</strong></p>
<p>The access control server is the nerve center of an access control system, but it no longer needs to physically exist. The increasing prevalence of the cloud eliminates that necessity.</p>
<p>Rather than dealing with the maintenance of a physical server, the speed and convenience of the cloud can handle everything a hardware box used to. This advance allows for increased scalability. And it provides flexibility in how security professionals purchase and use access control servers. Now the integrator or manufacturer can reduce end user burden and cost by ensuring that systems are backed up and updated remotely.</p>
<p><strong>What's next?</strong></p>
<p>Innovations in access control systems will drive the industry over the coming years. Novel credentials, such as mobile access and face recognition technology, combined with cloud-based servers will deliver an altogether improved experience.</p>
<p><em>John L. Moss is CEO of S2 Security.</em></p>
Physical Security