Tamworth-based trade association, DHF (Door & Hardware Federation), has, this week, launched its CSCS-approved card partner scheme in collaboration with the Automatic Door Suppliers Association (ADSA). The DHF CSCS card provision is for those who work with industrial doors, domestic garage doors, automated gates & traffic barriers and metal or timber doors. CSCS cards for construction workers “Whilst not a legislative requirement, CSCS cards are supported by the government and pr...
Fugue, the company delivering autonomous cloud infrastructure security and compliance, has announced the release of the Fugue Best Practices Framework to help cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks. Users can deploy the Fugue Best Practices Framework within minutes to improve the security posture of their Amazon Web Service (AWS) cloud environments. Cloud misconfiguration...
ExtraHop, global provider of cloud-native network detection and response solutions, has announced that it has joined the Microsoft Intelligent Security Association (MISA), which brings together an elite group of security-related companies partnering with Microsoft to defend against threats facing hybrid enterprises today. ExtraHop also announced a new integration between the ExtraHop Reveal(x) platform and Microsoft Azure Sentinel enabling faster threat investigation and remediation. ExtraHop...
Device Authority, a pioneer in Identity and Access Management (IAM) for the Internet of Things (IoT), announced it has been accepted into the Venafi Machine Identity Protection Development Fund. For decades, code signing has been used to verify the integrity of software, and nearly every organisation relies on it to confirm their code has not been corrupted with malware. Code signing keys and certificates are used in a wide range of products, including firmware, operating systems, mobile applica...
The task of protecting shared spaces, such as offices and schools, has become increasingly complex, particularly with ever-rising political tensions and the difficulties of assessing threats for schools, workplaces and law enforcement. Given the randomness of when and where a violent person may strike, those who manage facilities need an emergency plan, as well as robust training, detection and awareness. To gain more insights into dealing with such threats, we interviewed John Torres, Presiden...
Confederation of European Security Services, CoESS and Euralarm have published a joint brochure on cyber security. The first copy of the brochure ‘Cyber security - Threat or Opportunity? It’s up to you!’ was launched during the General Assembly of CoESS held on 11 October in Rome. Cyber security breaks up the borders between product development, design, installation, operational continuity and alarm response. The guidelines highlight that when addressing cyber security, it is...
Teijin Aramid has announced its participation at Milipol Paris 2019, global event for homeland security and safety, which takes place at the Villepinte Exhibition Center in Paris, France. From November 19 to 22, at booth 5N122, globally renowned manufacturer of premium aramids will show how their para-aramids Twaron and Technora, meta-aramid Teijinconex and ultra-high molecular weight polyethylene (UHMWPE) Endumax can add value to highly efficient protective equipment for police, justice, border patrol, military and armed forces. Personal protection and body armour equipment Teijin Aramid will showcase a wide range of materials providing personal protection in many ways. It’s products Twaron, Teijinconex, and Endumax offer outstanding capabilities bringing added value to body armour equipment, such as uniforms and turnout gear, protective vests, helmets, and inserts. Twaron and Endumax can help protect against bullets, fragments, as well as stabbing with sharp objects. Both offer a high strength, excellent energy absorption and a high modulus of elasticity, enabling superior protection against a wide range of violent treats. What’s more, both provide long-term stability and impact resistance. Resistance against heat, chemicals Furthermore Teijin’s aramids Twaron, Technora and Teijinconex can offer inherent resistance against heat, flame and chemicals. They neither burn or melt, meaning they both add value to military and police turnout gear.
CSCUK - Cyber Security Connect UK – renowned forum for Chief Information Security Officers (CISO), has called for the cyber security community to respond to the UK Government policy paper published on 11 September 2019 about post-Brexit cyber security. Cyber security certification The British Government has asked for the cyber security industry in the UK to provide views and opinions about the proposed approach to cyber security certification following the UK’s departure from the EU. The British Government has asked for the cyber security industry in the UK to provide views and opinions Martin Smith, Cyber Security Connect UK Conference, The Security Company and SASIG Chairman and Founder, has called on the cyber security community in the United Kingdom to use this opportunity to reinforce the importance of ensuring that the highest standards are retained by the UK once it departs the European Union. Maintaining the high standards of cyber security Mr Smith stated, “As the data economy and IOT (Internet of Things) continues to thrive, we must ensure that the general public have trust in the products, services and processes that businesses and government agencies provide. It is paramount that the level of cyber security remains robust enough to ensure that our digital economy continues to function safely and securely. I would encourage all cyber security professionals to bring the key issues to the attention of the UK Government.” The Department for Digital, Culture, Media and Sport is asking for responses to be submitted by the 8th October 2019.
AlgoSec, the provider of business-driven network security management solutions, has introduced extended support for Cisco ACI SDN deployments, and enhanced application visibility and network auto-discovery features in the new version of its core Network Security Management Suite. The new AlgoSec A30 release delivers new automation capabilities that enable seamless, zero-touch security management across SDN, cloud and on-premise networks. This gives enterprises the most comprehensive visibility and control over security across their entire hybrid environment. AlgoSec security management features Key new features in AlgoSec security management suite version A30 include: Extended support for Cisco ACI AlgoSec security management A30 delivers full end-to-end automation of security change management processes for Cisco ACI environments – from planning, risk and compliance checks, to deployment directly onto the device – with zero touch, in a fully automated and secured workflow. Security and IT teams can create new contracts and filters directly on Cisco APIC. Enhanced business-driven application visibility and network auto-discovery AlgoSec security management A30 features the new AppViz add-on, which enhances application visibility and network auto-discovery to dramatically accelerate identification and mapping of the network attributes and rules that support business-critical applications. This speeds up organisations’ ability to make changes to their applications across any heterogeneous on-premise and cloud platform, and to troubleshoot network and change management issues across the entire enterprise environment – ensuring continuous security and compliance. Automatically push network-wide policy changes with AppChange AlgoSec’s new AppChange add-on is available in A30, which automatically updates network security policy changes on all relevant devices across the entire hybrid enterprise network, realising significant time savings for IT and security teams and eliminating manual errors. Security zone enhancements AlgoSec security management A30 enables teams to easily visualise network security zones, and to select risk profiles for each zone to support decision-making for both application owners and security managers. This makes application provisioning and deployment easier, and accelerates planning and implementing network micro-segmentation strategies to enhance security network-wide. SDN and cloud environment “Organisations need to be able to make changes to their core applications quickly to stay competitive, and security teams have to deliver those changes at the speed of business, without impacting security or compliance. This is especially critical as companies implement digital transformation initiatives and migrate their business applications to SDN and cloud environments,” said Eran Shiff, AlgoSec VP Product. “The new features in AlgoSec A30 version make it even easier for security and IT teams to quickly plan, assess and automatically make changes across their entire environment, to maximise business agility, while ensuring security and compliance is never compromised.” The AlgoSec Security Management Suite version A30 is generally available.
Linx International Group, a pioneer in the provision of security, risk management, consultancy and training services, announced that its eLearning courses are available for the first time in Arabic, Spanish and French. The launch of these best in class courses form part of the Linx International Group’s aim to raise security knowledge and standards, through expert training and education worldwide. Arabic is spoken by approximately 310 million people around the world, whilst Spanish is the native language for approximately 400 million people living and working in more than 20 countries. French is spoken by 275 million people and is the official language of 29 countries, with the largest population living and working in Africa, a region where the Linx International Group has a proud heritage of delivering security training. Making courses available to security practitioners It is both an opportunity and responsibility to make the courses available to every security practitioner"Linx International Group Director, Angus Darroch-Warren states: “The courses we develop are widely recognised as the very best in class and it is both an opportunity and responsibility to make them available to every security practitioner, regardless of their level of expertise, the language they speak, or the country in which they operate.” Angus adds: “There are currently 985 million people speaking Arabic, Spanish or French and until now those working in security related roles have had limited access to high-quality, yet affordable security management and technical training.” The first phase of the newly translated eLearning courses is provided by Linx International Group company’s PerpetuityARC Training and Tavcom Training, and addresses some of the most relevant and in-demand topics for security practitioners today. The courses are: Security Risk Management Security Surveys Crisis Management and Business Continuity Lenses Explained Detection Devices Building Security Access Management Interactive and immersive training experience An additional two courses use the new Linxville simulation platform, a game changing way to teach security best practiceThese short, information-rich bite size courses have been developed by world-leading experts in their fields, with another four courses set for release this September. Furthermore, an additional two courses use the new Linxville simulation platform, a game changing way to teach security best practice. Angus explains: “Our Perimeter Security and Hostile Vehicle Mitigation courses use the Linxville platform to provide a highly visual, interactive and immersive training experience.” The Linx International Group will be launching more courses in September, with each course costing just £9.90 inc VAT. Completion of the course is rewarded with the presentation of a PerpetuityARC Training Certificate or a Tavcom Training Certificate.
Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence, announced Genetec ClearID™, a self-service physical identity and access management (PIAM) system that standardises and enforces security policies to help make organisations more efficient, compliant and secure. Available in North America in September 2019, and globally in early 2020, ClearID will be showcased at the Global Security Exchange (GSX) in Chicago, in booth #1533. From corporate offices and university campuses to highly regulated multinationals in the oil, gas, mining, and petrochemical industries, ClearID removes the day-to-day complexities of managing individual cardholders and access rights. Guided by an organisation's existing policies, ClearID automates workflows and self-service capabilities to enable a more fluid, efficient working environment for everyone – without compromising security. ClearID can be deployed more easily than on-premises solution that requires complicated integrations" By automating access rights management, ClearID reduces bottlenecks related to managing employee and visitor access requests. Cumbersome and time-consuming paperwork related to granting people access to facilities or specific work areas can be streamlined with automated workflows allowing employees to make on-demand requests in the online portal. This means that managing day-to-day access needs, meeting compliance conditions, and ensuring policy updates become a more automated process. Enhancing user experience "As a cloud-based service that's built to work natively with Genetec Synergis™ access control security software, ClearID can be deployed faster and more easily than an on-premises solution that typically requires complicated integrations and customisations," says Jonathan Doyon, Genetec Product Group Director for ClearID. "With less infrastructure, customers save both money and time by not having to maintain additional physical systems." A self-service physical identity and access management system, ClearID enables employees to login to an online portal and make access requests directly to the area owner or supervisor. Employees control their own access requests which ClearID automatically approves, denies, or routes on to an operator to review, based on corporate policies and automated workflows. "The seamless movement of people throughout an organisation is integral to its efficiency and operations", continued Mr Doyon. "Genetec ClearID is a smarter way to manage employee, visitor and contractor access rights – greatly enhancing the user experience, eliminating unnecessary overhead from administrators and helping standardise and codify security policies to make organisations more efficient, compliant, and secure." Simplify manual processes ClearID will simplify the auditing process by providing area owners with an instant view of who has access to their areas The initial release of ClearID will help improve visitors' experiences by providing a smoother, automated process that begins as soon as a meeting is arranged. Using a web portal, the employee (host) creates a profile for the visitor including the meeting details. The visitor, in turn, receives a confirmation email with a QR code that can be used to sign in once on site, print a badge, and automatically advise the host of their arrival. Another key functionality supports organisations in industries where they need to comply with strict access requirements. ClearID will simplify the auditing process by providing area owners with an instant view of who has access to their areas. This will allow them to quickly revoke the people who shouldn't be there as well as simplify manual processes that are time and resource intense and prone to human error. In future releases of ClearID, contractor management features will ensure that when access requests are initiated, approvals or denials are made prior to the contractor's arrival based on the necessary qualifications, tests and steps of identity authentication required to grant access. This will support additional compliance with standards, and minimise costs associated with contractor wait times.
The IoT is not only integrating devices and services, it is also bringing businesses together – particularly in the safety, security and fire sectors. This fact was demonstrated at the latest edition of Secutech Vietnam, where a record 380 exhibitors and 14,239 trade visitors converged to do business and learn about the latest products. Brands from 21 countries and regions lined up at the show, with many commenting that the market for smart solutions is becoming increasingly competitive. With a population of almost 100 million and construction projects taking place across the country, exhibitors were pleased to find opportunities not just in Ho Chi Minh City and the south of Vietnam, but across the entire country. Secutech Vietnam 2019 At the conclusion of the show, Ms Regina Tsai, the Deputy General Manager of Messe Frankfurt New Era Business Media Ltd said: “This 12th edition of Secutech Vietnam has delivered concrete business results. Apart from serving the smart city sector, the concurrent Fire & Safety Vietnam and SMABuilding events have helped industry players to collaborate, solve pain points, and take advantage of growth potential in the factory, residential and commercial property sectors. Through its concurrent events and fringe programme, we are proud that Secutech Vietnam continues to orient the regions’ safety, security and fire sectors towards a bright future.” Taking place at the Saigon Exhibition and Convention Centre from 14 – 16 August 2019, the mood inside the exhibition hall was positive as exhibitors displayed their latest IoT, surveillance, fire safety, access control, cloud computing, and artificial intelligence technologies to trade buyers from across Vietnam. IoT, video, access control Aiming to find more partners in Vietnam, and so far we have met a lot of project owners and system integrators at the fair" Because of the increasingly competitive business environment, many brands decided to boost their presence at the fair by exhibiting at a dedicated booth, having previously been represented at Secutech Vietnam through local distributors. “The market is growing so fast that we need a platform to meet the right customers,” said Mr Charly Wang, the Regional Sales Director of Merit LILIN, a supplier of IP surveillance and video analysis solutions. He continued, “We are aiming to find more partners in Vietnam, and so far we have met a lot of project owners and system integrators at the fair.” Global security companies exhibit Apart from LILIN, other well-known brands in attendance included Avigilon, Bosch, Hanwha Techwin, Hitron, Kedacom, Nha An Toan (a Hikvision and ABB distributor), and ZKTeco. Organised by the Shenzhen Circular Economy Association and the Shenzhen Municipal Commerce Bureau, the Shenzhen Pavilion was one of four international pavilions at the trade fair. Hosting 20 leading suppliers including ANJIA, DOPHIGO, Feyond, GoldenVision, Harvest Kang and Jeas-Union, the pavilion showcased the latest solutions in smart building, smart home and transportation. The show’s international contingent also included nearly 40 companies in pavilions from Singapore, the Korea Fire Institute, and the Japan Fire Pavilion. Smart city and retail Aiming to meet trade visitors from across Vietnam, Hanwha Techwin were introducing their surveillance and service centre solutions for smart city, smart factory, and retail at the show. Mr Ta Quang Huy, the Country Manager of the company said, “We have exhibited at the show for four consecutive years because of the wide variety of visitors that come here, not only from Ho Chi Minh City, but also from major cities such as Danang, Hanoi, and Central Vietnam. Compared to last year, the visitor flow has increased, and clients seem to be focusing a lot on smart city.” At the fair’s concurrent SMABuilding event, exhibitors also painted a favourable picture of market prospects: “According to reports that we have read, the smart building market in Vietnam is expected to grow by 20 to 30 percent until 2030,” said Ms Bui Thi Huong Lan, the CEO Assistant at TechPro. “Our main objective at the fair is to promote our new biometric security solutions to the market. We are really satisfied with the results. In just one day we have received more than 100 potential clients at our booth that are relevant to the smart building and home markets, including contractors.” Fire safety solutions We manufacture a wide range of firefighting equipment, including specialised vehicles and ambulances" With a record-breaking scale of display, up 21% from 2018, visitors to the concurrent Fire & Safety Vietnam event were able to locate extinguishing systems, alarms, valves, personal protection equipment, CPR solutions, and fire dust detection systems from well-known brands such as D&C Vina, Funayama, Himax, Masflo, Nittan, Secom, SFFECO, Yun Yang, VT Plus, Quoc Nam and many more. According to an exhibitor at the event, Mr Radwan Halabi, the Export Director of NAFFCO, new construction projects have opened up a gap in the market for internationally certified products, “We manufacture a wide range of firefighting equipment, including specialised vehicles and ambulances. In the Vietnamese market, new projects are looking for internationally certified products, especially high-rise buildings and shopping malls. The results of our participation at Secutech Vietnam have been really good. The visitors here are very unique, and we have not met any visitors that are unrelated to our products.” New trends and technology With so many internationally renowned brands exhibiting at the fair, Secutech Vietnam 2019 proved itself to be the ideal destination for trade buyers to identify new trends and find appropriate products for their businesses. New at the show this year, the business matching service hosted more than 530 tours and meetings with more than 85% expressing their satisfaction with the service as an efficient way to target solutions of interest and establish new business connections. CCTV and AI “I have been visiting the show for eight years, and I can see that there are more brands joining each year. Almost all the key brands in the industry are present,” said Mr Dao Anh Dung, the Sales Manager of Sao Nam An. “So far, I have noticed that there are more CCTV solutions which are highly flexible and can be adjusted to customer needs. The AI technology is becoming more mature too.” Other visitors noted that there is increased interconnectivity between devices. Mr Nguyen Van Huynh, a Product Designer from Cty TNHH PCCC Sao Viet, said “We are a fire alarm system developer for commercial and residential uses. We are working on a new system and I am one of the technicians in the team. I am here to learn about market and industry trends so that we can adjust our products to fit market needs. I have noticed that there is increasing adoption of IoT and connective technologies to integrate systems. This is something that we are also working on.” Networking and sourcing Networking and sourcing opportunities apart, the trade fair offers an information exchange platform In addition to networking and sourcing opportunities, the trade fair also provided an information exchange platform that helped sector players learn about important growth areas. One of many sectors primed for future growth is smart factory, however the sector is still in a nascent stage. “At the moment there are not a lot smart factories in Vietnam but many manufacturers are expressing serious intentions to set up smart factories,” said Mr Long Nguyen, the CEO of Houselink and a speaker at the Smart Factory Conference. “A lot of the topics that we discussed at the conference are very practical for these manufacturers, and some attendees asked for further information after my presentation. Attendees can also find related products in the fairground, so bringing this conference to the show is really useful for the local industry.” Fire protection solutions Some of the key themes of the conference ranged from market updates, government policy, security, management efficiency, IoT applications, and fire safety. For fire safety professionals, there were plenty of industry insights on offer at a seminar dedicated to fire protection solutions. Speakers included representatives from the Vietnam Fire and Rescue Police Department and the Korea Fire Institute, who discussed regulations, UL certification, fire prevention in mixed-use buildings, intelligent alarm systems and more. Secutech Vietnam is jointly organised by Messe Frankfurt New Era Business Media Ltd and Vietnam Advertisement and Fair Exhibition JSC. The next edition will take place from 20 – 22 August 2020 at SECC, Ho Chi Minh City.
The oil and gas market is driven by a number of technology trends, political issues, waves of supply and demand, and regulations. At times, it seems like the market is in a constant state of ebb and flow, with business affected by traditional drivers, such as government mandates and operational efficiencies, and other non-traditional markers, like challenging weather conditions (consider the 2017 hurricane season as an example). Additionally, the global economy continues to grow, propelling increased energy demand. But like nearly every other market today, the oil and gas market is on the brink of a sea change. According to Deloitte’s 2018 outlook on oil and gas, “the digital revolution is here.” The sheer volume of information and data generated by digital devices, such as those associated with the Internet of Things, will allow producers to leverage rich data and combine it to deliver smart, efficient solutions. The rise of digital technologies is unleashing new ideas across the oil and gas industry and even though we are in the beginning stage of being able to harness the power of these types of technologies, innovative ideas are emerging — all designed to support the core business, reduce internal investments, deliver products faster, boost efficiencies, and enhance safety. Maximised operations and increased ROI This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand This is welcome news because there are a number of challenges facing the oil and gas industry, from improving reserve replacement and ensuring workplace safety to reducing operating costs and limiting downtime. All of these objectives must be achieved while maximising operations and increasing overall return on investment. Never has it been more crucial for critical infrastructure organisations to demonstrate a focus on safety, security, and collaboration. Here's why: Growth and demand According to the U.S. Energy Information Administration, world energy consumption will grow by 56 percent between 2010 and 2040. This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success. Compliance Continuous demand is only one challenge; compliance with industry and government regulations is another significant hurdle that must be maintained or there is risk of production shutdowns. For example, the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) impose comprehensive federal regulations for high-risk chemical facilities, requiring organisations to conduct vulnerability assessments. This is just one of many regulatory procedures sites must follow to conform to environmental protections, safety precautions, and safe handling of hazardous materials. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success Threat protection, mitigation, and collaboration In addition to meeting the requirements of regulatory procedures, mitigating risk in this industry propels leaders to develop stringent strategies to ensure robust protection of people, property, and assets, effective and efficient response to incidents when they occur, and procedures and protocols to ensure business continuity in emergency situations. Energy providers require comprehensive safety planning and technology systems that can augment the capabilities of on-site and remote personnel. In recent years, video solutions have become the standard for monitoring facilities, assets, and employees, and now these organisations require enterprise-class solutions that can help gather intelligent data that allows for enhanced security and safety efforts but also focus on processes that enhance operational efficiencies. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market IT security is also a concern. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market. An IT breach can cause operational havoc, risk to the public, and damage to an organisation’s brand. Adopting a continuous improvement approach to a security strategy safeguards and helps protect valuable company information and reduces the likelihood of an incident. Also, collaboration between IT and physical security leaders and the correlation of both departments' data makes it much easier to identify a potential breach before havoc ensues. The digital age With the rise of the digital revolution and the demand for data to improve insight, oil and gas producers and businesses need to find new ways to capture data, correlate it as needed, and then leverage it to make the most informed decisions. Software platforms are being used in a wide variety of applications to provide a single pane-of-glass view that allows operators to gain critical insight into operations. By collecting intelligence from digital sensors, such as video surveillance cameras, open-source Web intelligence, building systems, crowdsourcing, weather sensors, mobile devices, and more, operators can detect potential risks and manage and respond to situations more efficiently. Furthermore, information can be shared easily with multiple agencies, employees, citizens, and first responders — especially valuable in the event of a safety incident where rapid response is paramount. By creating a single enterprise-wide view across disparate systems and technologies, organisations experience improved response times, lowered operational costs, and increased employee safety. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically Traditional command centers Intelligent solutions, such as those derived from the idea of artificial intelligence, help organisations make sense of vast amounts of data. These integrated applications, such as advanced video analytics and facial recognition, can automatically pinpoint potential breaches and significant events, and send alerts to the appropriate personnel, departments, and agencies. These solutions can be powerful in unifying disparate command center technologies within the oil and gas industry, fusing critical data input from emergency calls and responder activity to enhance situational awareness. With traditional command centers relying mostly on call and radio updates, visibility can be limited, but new digital platforms enable operators to oversee a situation and engage with and direct the response force. Overall, these types of automated functions deliver a simplified and modernised operating environment. The future is the Intelligent SOC Oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets All of these digital solutions are designed to take center stage within the Intelligent Security Operations Center (ISOC). To combat advanced, multi-stage threats, oil and gas facilities are transforming the traditional SOC into the next-generation unified ISOC with an integrated platform for detection, investigation, communication, and response. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically. Energy providers operate in challenging, fast-moving environments in which opportunities, requirements, and regulations can vary widely, change quickly, and evolve significantly over time. As the idea of the digital age continues to transform this market, new technologies will be more widely used to improve business operations from exploration and extraction to transportation and distribution. With the right technology, strategic partnerships, and enhanced situational awareness, oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets, while continuing to focus on achieving business goals that will sustain supply and demand for years to come.
According to the reports of not-for-profit organisation Gun Violence Archive, the year 2018 has seen 323 mass shooting incidents as of November 28 in the United States. This number is 346 for the year 2017 and 382 for 2016 (more statistics are available here), with “mass shooting” defined as cases where four or more people are shot or killed in the same time period and location. While definitions of mass shooting vary with organisations in the US, the count of over 300 incidents per year, or about once per day on average, is simply alarming. It raises public safety concerns, ignites debates and protests, which in turn lead to public unrest and potentially more violence, and increases costs for governments from the regional to federal level. Most importantly, the loss of lives demands not only improvement in post-incident handling and investigation, but also new prevention technologies. Gunshot detection solutions AI weapon detection offers a more efficient alternative to prevent active shooting There are several gunshot detection solutions in the security market, commonly used by law enforcement agencies to detect and locate gun fires. These systems function based on acoustic recordings and analyses and often in combination with signals detected by sensors of the optical flash and shockwave when a gun is fired. However, gunshot detection by nature dictates that the law enforcement can only react to a shooting incident that has occurred. With fast action, law enforcement can prevent the incident from escalating, but lives that are lost cannot be recovered. With the development of artificial intelligence in object recognition, AI weapon detection offers a more efficient alternative to prevent active shooting: AI can visually detect guns based on their shapes before they are fired. The AI is trained to recognise firearms in different shapes, sizes, colours, and at different angles in videos, so that the AI weapon detector can be deployed with existing cameras systems, analyse the video feeds, and instantly notify security staff when a gun is spotted. Comparison of the advantages for law enforcement and public security agencies Legacy gunshot detection using sensors AI weapon detection Reactive measure: detect after guns have been fired Proactive measure: detect before guns are fired Time to action: within 1 second Time to action: within 1 second Unable to provide visual data about shooter(s) Can provide data about shooter(s) based on the camera recording: clothing, luggage (backpack, handbag, etc.), facial features, vehicle Unable to track the location of the shooter(s) before and after shooting because of the lack of sound Can track the shooter(s) using AI Person & Vehicle Tracking, AI Face Recognition, and AI License Plate Recognition False detection caused by similar sound such as fireworks and cars backfiring Minimal to no false detection, as AI can distinguish different types of handguns and rifles from normal objects (umbrella, cellphone, etc.) Require physical deployment of gunshot detection sensors Can be used with existing camera systems, do not require special hardware Complicated to deploy, require highly trained professional Easy to deploy as an add-on to existing video surveillance system - Can integrate with gun-shot detection to create a “double knock” audio and video active shooter alert system Gun-shot detection advantages In addition to advantages for law enforcement and public security agencies, this type of visual-based pre-incident detector has three-fold advantages for the public: Save lives by spotting the shooter before the shooting event. Minimise the chaos entailing an incident: panic and chaos caused by a shooting incident often adds to injury, as people run, fall, trample on others… With an AI weapon detector, when a gun is spotted, the system sends an alert to security staff, who can quickly control the situation in an organised manner and apprehend the intending shooter. Can be added as a SaaS (Security as a Service) component to small business and home surveillance systems, e.g., intrusion detection alerts (home invasion incidents with firearms number over 2500 per year nationwide). For a complete active shooter detection system, video-based AI detector can operate in conjunction with gunshot detectors for enhanced security. Traditional X-ray based weapon detection or metal detection entrance systems are complicated and expensive; with AI video technology, active shooter detection system can be cost-effective, and after all, what price tag can one put on a life? Written by Paul Sun and Mai Truong, IronYun
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
Hikvision and Dahua have been added to a U.S. government list of entities “reasonably believed to be involved, or to pose significant risk of being or becoming involved, in activities contrary to the national security or foreign policy interests of the United States.” In effect, inclusion on the list restricts the export of equipment to the two companies because of their alleged involvement in “human rights violations and abuses” related to a Chinese government campaign of repression, mass arbitrary detention, and high-technology surveillance against minority groups. Equipment from the two companies is used to provide video surveillance capabilities in the Xinjiang Uighur Autonomous Region (XUAR) of China. The minority groups targeted are Uighurs, Kazakhs and other Muslim minorities. Equipment from the two companies is used to provide video surveillance capabilities in the Xinjiang Uighur Autonomous Region (XUAR) of China The decision to add Hikvision and Dahua, among 26 other “entities,” to the list was made by the United States End-User Review Committee (ERC), composed of representatives of the Departments of Commerce, State, Defense, Energy and (where appropriate) Treasury. A majority vote of the panel is required to add an entity to the list, and a unanimous vote is required to remove or modify an entity. The 26 other entities include the Chinese government’s bureau in XUAR, 18 subordinate municipal and county public security bureaus and one other subordinate institute. Specific licenses (government approval) are required for any transaction in which items are exported, reexported, or transferred (in country) to any of the entities on the list; or in which the entities act as purchaser, consignee or end user. Loosely speaking, inclusion on the list prevents Hikvision and/or Dahua from buying any component parts from U.S. manufacturers. Indirectly and more broadly speaking, the measure affords a new downside to the Dahua and Hikvision brands in the U.S. market. Anyone concerned about human rights abuses might hesitate to buy from the two companies, although the entity list does nothing to prohibit sales of the company’s products. Dahua and Hikvision statements In a company statement, Dahua has “express[ed] strong protest to such decision, which lacks any factual basis, and call[ed] on the U.S. government to reconsider on it.”’ Indirectly and more broadly speaking, the measure affords a new downside to the Dahua and Hikvision brands in the U.S. marketThe Dahua statement continues: “As a global business entity, Dahua adheres to the business code of conduct, and follows market rules as well as international rules. Dahua is actively working to ensure our investment and business operations around the world comply with all applicable laws and regulations. Regarding the decision of U.S. government, we have actively taken various measures, and we will continue providing outstanding products and services to our customers.” Hikvision has released the following statement: “Hikvision strongly opposes [the] decision by the U.S. Government and it will hamper efforts by global companies to improve human rights around the world. Hikvision, as the security industry’s global leader, respects human rights and takes our responsibility to protect people in the U.S. and the world seriously. Anyone concerned about human rights abuses might hesitate to buy from the two companies "Hikvision has been engaging with Administration officials over the past 12 months to clarify misunderstandings about the company and address their concerns. In January 2019, Hikvision retained human rights expert and former U.S. Ambassador Pierre-Richard Prosper to advise the company on human rights compliance. Punishing Hikvision, despite these engagements, will deter global companies from communicating with the U.S. Government, hurt Hikvision’s U.S. businesses partners and negatively impact the U.S. economy.” “The U.S. Government and Department of Commerce cannot and will not tolerate the brutal suppression of ethnic minorities within China,” said Secretary of Commerce Wilbur Ross in making the announcement. “This action will ensure that our technologies, fostered in an environment of individual liberty and free enterprise, are not used to repress defenseless minority populations.”
Workforce management systems gather and analyse information and anomalies from security officers in the field. The information ranges from direct observations entered via mobile or desktop apps by officers on duty to reports from cleaning staff, the maintenance department, and CCTV operators. Taken together, the information yields business intelligence and data analytics at no additional cost. Trackforce is a provider of workforce management solutions specific to the security industry and its unique operational requirements. From tracking guard tours to managing incidents and officers remotely, the platform improves officer accountability, optimises operations, and delivers actionable insights via a live dashboard to reduce vulnerabilities and enhance efficiencies. The platform is customisable and scales to each client’s business. Platform to control and identify risks “Corporate security teams deal with issues related to operational risk, facility security levels and design basis threats, and must contend with manmade, naturally occurring, and technological events,” says Guirchaume Abitbol, CEO and founder of Trackforce. “We provide them a platform that enables them to control and identify risks, deliver their service, and maintain security best practices.” Trackforce uses live monitoring to ensure quality control and to upgrade situational awareness, delivers real-time incident notifications Trackforce serves large security guard companies and global organisations in diverse vertical market sectors and is expanding in facilities management. More than 200,000 professionals at over 20,000 customer sites in 45 countries use the platform. Trackforce uses live monitoring to ensure quality control and to upgrade situational awareness, delivers real-time incident notifications, and generates data-rich analysis and key performance indicators (KPIs) that enhance monitoring and reporting. Reduces corporate risk Better management of corporate risk is a benefit of security workforce management. The Trackforce platform reduces corporate risk in four areas by: Managing multiple sites, located anywhere, with various threat levels, cultural differences, operating procedures, and regulations. Supporting a security budget and investment in new solutions by providing data necessary for budget approval. Keeping management informed about outsourced security services partners with relevant data, analytics, and transparency. Providing real-time data on risks and incidents so operations can be quickly optimised to ensure top-level security services. Identifying potential threats and risks The platform rapidly and accurately collates data (implied data or trends) based on user-selected parameters. Data- and intelligence-rich reports become available to managers from any location via a dashboard. All necessary information is displayed on a single screen in an uncluttered format.The ability to analyse current and historical data in real time empowers security managers to track patterns Reports can be downloaded and shared with stakeholders. The ability to analyse current and historical data in real time empowers security managers to track patterns, identify potential threats and risks, and implement preventative actions and strategies. Using data intelligence as benchmark Security teams will use data intelligence as a performance benchmark for resources required to accomplish site goals. They will also use this information to pilot and rationalise resource needs for impending contracts based on historical, descriptive (what happened), diagnostic (why did it happen), predictive (what will happen) and/or prescriptive data (how can we can make it happen). “For example, when a large company incurs incremental computer equipment theft, a supervisor can use the platform to review historical reports and identify patterns and anomalies,” says Abitbol. “The supervisor could then identify and proactively implement targeted strategies to mitigate the theft, such as modifying security routes, increasing patrols, or adjusting asset management protocols.” Enhanced control of security resources The Trackforce platform has been designed to serve clients at multiple regional and national locations and is available in many languages. The Command Center allows a security supervisor based at a central location to easily manage officers on multiple sites. The Command Center provides greater oversight and enhanced control of security resources The Command Center provides greater oversight and enhanced control of security resources. Management can compare locations and evaluate security with a customisable reporting dashboard for each site. The uniform platform uses the same reporting templates and processes for each secured and managed location, thus ensuring consistency and accurate benchmarking. Trackforce’s workforce management solution has low cost and presents a low barrier to entry, with systems that can be implemented in a short time.
When it comes to emergency planning and response, there is an abundance of resources to help enterprises prepare to mitigate the impact of an incident. The U.S. Federal Emergency Management Agency (FEMA) has devised the National Incident Management System (NIMS), aimed at defining and standardising ways that resources can be used to manage and respond to an incident. An enterprise’s Emergency Operations Plan, or EOP, incorporates NIMS concepts and spells out what to do in an emergency. Security equipment purchases But how does an EOP relate to security equipment purchases? In the language of FEMA, enterprises should ask themselves: How do I currently ‘resource type’ my electronic countermeasures as part of my critical incident response plan? In FEMA parlance, ‘resource typing’ is categorising resources according to capability using FEMA’s ‘Typing Library Tool’. The tool identifies technologies that can improve response. Technology purchases should be considered in the context of their role in the larger plan, says Jerry Wilkins, PSP, Vice President of Active Risk Survival. “Currently, that doesn’t happen, and we as an industry do not even speak in the same language as those who guide emergency responses to which security equipment can be a useful contributor,” Wilkins says. The National Incident Management System is aimed at defining and standardising ways that resources can be used to manage and respond to an incident Wilkins speaks with authority based on a long career in the industry. Beyond his experience working in burglar alarms, home security, and as a manufacturer’s rep, Wilkins has expanded his expertise to the broader categories of incident command, emergency response and law enforcement. He has received FEMA IS-0100 (incident command training) and has sought to apply it to critical incidents, active shooters and other emergency situations. He has attended Solo Engagement Operator Training (SWAT school) and Tactical Emergency Casualty Care (TECC) military training. Responding to emergencies As a student in a broad array of disciplines, Wilkins has sought to engage the security technology industry in an important conversation: What can we do as an industry to apply technical capabilities to the question of how to respond to an emergency? Adherence to best practices can help to avoid liability – and save lives For example, CCTV is a valuable tool for situational awareness, but it wasn’t deployed in the aftermath of the Parkland, Florida, school shooting in 2018 until 24 minutes into the incident. “By the time they decided to use the video, [the shooter] was already gone. They had 15 high-definition cameras, but they did not know how to use the technology for situational awareness because it was not part of the Emergency Operations Plan. They could have known every move [the shooter] made if the technology had been part of the EOP,” says Wilkins. Here is another example from the Parkland shooting incident response. When responding to an incident, Emergency Medical Service (EMS) typically divides a site into three levels – hot zones, warm zones, and cold zones – based on danger levels. In the Parkland shooting, the 1200 building went ‘cold’ – meaning it was safe – as soon as the shooter left the building. But it was 58 minutes before they called it a ‘cold’ zone, thus delaying survivors’ access to emergency care that could have saved lives. Better situational awareness, provided by leveraging CCTV, would have made the difference. If OSHA puts out a white paper on how to protect a facility and you don’t do it and have an event occur, how does that look?" There are a number of other available standards, processes and other documents to guide emergency response. Adherence to best practices can help to avoid liability – and save lives. Ignoring known and well-documented best practices can leave an enterprise vulnerable in the aftermath of an incident. Understanding these principles and best practices can help security equipment companies understand how the benefits of their products can be maximised in this context. Here are some available resources: NFPA 3000, a 42-page provisional standard for responding to an active shooter, addresses all aspects of the process, from identifying hazards and assessing vulnerability to planning, resource management, incident management at a command level, competencies for first responders, and recovery. National Association of School Resource Officers (NASRO) has created Standards and Best Practices for School Resource Officer Programs. PASS (Partner Alliance for Safer Schools) has compiled School Safety and Security Guidelines and a School Security Checklist. Federal Bureau of Investigation (FBI) has released ‘Making Prevention a Reality: Identifying, Assessing and Managing the Threat of Targeted Attacks’. Department of Homeland Security (DHS) has released ‘Planning and Response to an Active Shooter: An Interagency Security Committee Policy and Best Practices Guide’. U.S. Secret Service has released ‘Enhancing School Safety Using a Threat Assessment Model: An Operational Guide for Preventing Targeted School Violence’. OSHA 3148 provides policy guidance and procedures to be followed related to occupational exposure to workplace violence. (OSHA is the Occupational Safety and Health Administration) OSHA’s ‘general duty’ clause requires that each employer furnish to each of its employees a workplace that is free from recognised hazards that are causing or likely to cause death or serious physical harm. “If OSHA puts out a white paper on how to protect a facility and you don’t do it and have an event occur, how does that look?” says Wilkins. “It’s regulatory guidance that you could have followed but didn’t.”
Crossword Cybersecurity plc, has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’), will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance. GDPR compliance GDPR makes many requirements of organisations, including taking adequate steps to ensure data is both encrypted and anonymised, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organisation. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack. GDPR risk exposure Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organisation is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education. With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organisations.” Rizikon Assurance Jake adds, “Rizikon Assurance will help any organisation dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times and cost efficiencies. Standardising company’s security measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardises the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardised security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardise our physical security solution. The Global Client Programme also minimises risk and guarantees compliance. It really meets our needs in every possible way.” Central security platform saves money The programme helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The programme also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Premier League football club Everton FC has deployed SureCloud’s GDPR suite to manage and monitor its data and GDPR compliance, enabling the club to work towards GDPR compliance, optimise internal processes and position it strategically for the future. The solution replaced Everton FC’s manual data mapping and processing methods. Manual data mapping and processing Everton FC’s databases are extensive, containing details on over 32,000 season ticket holders and over 600,000 registered fans, with details on around 360 employees, players, agents, suppliers, and individuals associated with the club’s community charity and partner school. Much of this information is sensitive. This data and all of the processes associated with it were being manually managed and tracked in a series of Excel spreadsheets. With multiple requests and queries to respond to every day, the club’s Data Protection Officer was struggling to record and manage smaller ad hoc queries, incidents, and tasks. With GDPR due to place much tighter restrictions on how the club processed, managed and shared its data – as well as on the reporting of any incidents that did occur – the club needed a more comprehensive and reliable tool in place before 25th May 2018. SureCloud platform The club approached its long-standing IT support provider NCC to find a solution. NCC recommended the SureCloud GDPR Suite, delivered on the SureCloud platform. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organisation, Everton FC selected its cloud-based suite of solutions. Two dashboards were created according to Everton FC’s specific needs Two dashboards were created according to Everton FC’s specific needs: one to show all data mapping and transfers, including where data is being held and who it is being shared with; and one showing incidents and requests, including a subject request register and incident tracker path. This gives an immediate overview of which requests are still outstanding, such as a request for an individual’s personal information to be erased from the database. SureCloud GDPR Suite The five applications Everton FC chose to deploy from the SureCloud GDPR Suite were: GDPR Program Tracker - to enable the club to map all its disparate data and workflows using intelligent risk-based questions GDPR Management – to provide all mandatory GDPR business-as-usual processes Information Asset Management - to record and maintain the club’s entire data inventory Compliance Management for GDPR - to help Everton FC speed up their process of attaining compliance and on-going real-time risk remediation Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise Ian Garratt, Data Protection Officer at Everton FC said: “The penalties for not achieving GDPR compliance are severe – up to 4% of our revenues, or €20 million. It was imperative that we got a solution in place that could not only help us achieve GDPR compliance but would also make it quick and easy for us to demonstrate that compliance at any point, on request. SureCloud’s GDPR Suite fit the bill.” Centralised data management Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system “We are now tracking and recording every single data request in a centralised way. With NCC’s support, SureCloud’s solution has brought a comprehensive clarity to our data processing that was impossible to achieve with manual spreadsheets. The system is so intuitive; it has helped us streamline multiple processes and undertake impact assessments that we couldn’t handle before.” Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system. All changes and requests are automatically tracked so that activity records and data audits can be produced at the click of a button. Should an incident like a suspected data breach occur, it is identified and reported immediately and automatically. The club’s data protection team can select which asset has been affected and immediately determine the severity of the incident and whether it needs to be reported to the ICO. Should it need to be escalated, the report is available instantly. Data processing, documentation and risk management Ian Garratt added: “The SureCloud GDPR Suite isn’t just a compliance tool; it’s a comprehensive management tool. We now have a continuous, real-time status of where we are and what we need to be doing in terms of data processing, documentation and risk management. It would have simply been impossible to achieve this manually. SureCloud has not only helped us to work towards GDPR compliance they have optimised our internal processes and positioned us strategically for the future.” In addition to deploying five applications within the GDPR suite, SureCloud is currently adapting its Incident Assessment tool to meet Everton FC’s specific requirements.
To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting. Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing a partnership ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel. Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilise great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open platform matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-on modules and intrinsic scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open access is key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalogue of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured business ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, key connector in physical security industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realised that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting the Scandinavian management model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold. Milestone partner ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open business world Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.
The Security Industry Association (SIA) has expressed strong support for MI HB 5828 and HB5830, two bills designed to improve school security across the state of Michigan. Michigan Legislation In a letter to Michigan House of Representatives Committee on Appropriations Chairwoman Laura Cox and Vice-Chair Rob VerHeulen, SIA CEO Don Erickson praised the bills’ creation of a comprehensive school plan and fund to enable local districts to procure security solutions to protect students from malicious perpetrators and update building code requirements to include security measures. “Sadly, our nation’s schools have increasingly become a soft target for mass violence – at Sandy Hook Elementary, recently at Stoneman Douglas High School and in many other attacks,” said Erickson. “We support holistic approaches to improving school safety and security in response to these tragedies – recognising there is no single action that can be taken that will, by itself, make our schools safe.” SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts Improving school security SIA represents about 900 security and life safety solutions providers – companies that develop, manufacture and integrate technologies that help keep people and property safe from hazards. These industry leaders strive to introduce robust security solutions integrated into our nation’s K–12 public schools, private academic institutions, colleges and universities. In addition to serving member organisations working to improve security in schools and other environments, SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts that developed threat- and income-based guidelines for schools housing grades K–12 to implement appropriate, layered security measures. These guidelines are available to help guide school investments. Additionally, PASS provides integrators with risk assessments and white papers that can be used when working with schools to evaluate and establish the best security protections for their buildings. SIA believes state assistance like that in the Michigan legislation is a start to addressing key security gaps in schools and is especially critical to high-risk school districts or those with limited budgets.
Keeping the food supply safe was not an issue for Furman Foods back in 1921, when John W. Furman canned 360 glass jars of tomatoes with his wife, Emma, and their six children. Just as food processing practices have evolved over time, so too has the nation’s approach to securing food processing facilities. Today, Furman Foods uses ID cards as the first step of a greater plan to enhance its plant security. Furman Foods is a family-owned business. By 1969, the company had sold a million cases of tomatoes and was complementing its tomato crop with beans, peppers and other vegetables sold under the Furmano’s name. The company’s roots are planted firmly in the soil of the Susquehanna River Valley of Pennsylvania. Despite this remote location, Frank Furman, Vice President of Quality, is ready to take the facility to the next level of security and quality. “The need is here,” he said. “Everything is coming together at once. Not only does security make good business sense, but it also is something we need to do for our customers.” Food safety and security While the company has focused on food safety for many years, the U.S. Food and Drug Administration’s (FDA’s) Bioterrorism Act of 2002 made security a top concern for food producers such as Furman’s. Title III of the act specifically addresses protecting the safety and security of food and drug supplies. In addition, because Furman Foods provides food for U.S. Department of Agriculture (USDA) food programs, it is subject to USDA security measures. Security isn’t new to the company. It began incorporating additional security measures shortly after September 2001. The well heads for the water supply are locked and checked daily, for example, and a third-party security service is on duty during off-hours. Delivery truck doors now must be sealed, the company’s computer systems have new access controls in them, and locks now adorn all bulk storage areas, such as those for corn sweeteners and vinegar, some of the most vulnerable areas in the company. An important part of the security system at Furman’s is a new ID card program Time and attendance tracking An important part of the security system at Furman’s is a new ID card program. “We needed to replace our time clocks,” said Mark Slear, Systems Administrator, “so we took advantage of the opportunity to introduce employee ID cards to track time and attendance.” “I wanted some kind of control so that people who don’t work here don’t get in,” Furman said, “Despite the fact that we are located in a rural area, we still were seeing people here who shouldn’t be here. We had to figure out some way to limit access.” In the past, the company had pre-printed, pre-numbered, bar coded cards for hourly employee access. Employees were assigned a number, but that was it. HID Fargo Printer/Encoder Slear and Furman selected the Fargo DTC550 Direct-to-Card Printer/Encoder with lamination capabilities from ID Wholesaler (www.idwholesaler.com), a Fargo Value-Added Retailer and the largest online reseller of photo ID products. “I looked around quite a bit,” said Slear, “and all of my research kept coming back to Fargo.” Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs" “We determined that Furman Foods needed a higher level of security than a basic photo ID card could offer,” said Shane Stark, Account Manager, ID Wholesaler. “The FDA keeps tight regulations on who has access to food processing areas. Along with using bar codes and magnetic encoding for security measures, Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs. This led us to lamination and a Mylar card, which offers greater durability.” Slear was also interested in the printer’s speed. “When we ramp up during the summer, we produce a year’s worth of product in three months,” he said. “We have to print a lot of ID cards quickly to accommodate our seasonal workers.” Security access cards Furman’s bought the Fargo printer in October, took employee pictures in November and began issuing new ID cards in January. The ID cards contain a full photo, and the program includes all employees, even the extra 300 that are hired during the July-to-October busy season. While tracking time and attendance with the ID cards was the company’s first concern, Slear and Furman were thinking ahead when they chose an ID card printer, knowing that security needs would be enhanced down the road. “We added a magnetic stripe and photo in preparation for future security,” said Slear. “We haven’t defined yet what else we might do, but much of it will be driven by FDA and USDA directives.” “We liked the fact that the DTC550 printer can print on proximity cards if we decide to upgrade our ID cards someday,” said Slear. Furman agreed. “Eventually, we will go to smart cards, especially for the room where our ingredients are mixed,” he said. “We need to limit this area to those who are designated to be there. They will have to swipe an ID card for access. We chose a printer that will allow us to upgrade the cards, knowing that sooner or later we’ll have to go further with security.” Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements" Comprehensive identification solutions “Everything has been going well,” Slear said. “The person printing the cards picked up on it quickly.” Slear gives high marks to ID Wholesaler for their customer service. “Every time I talk to Shane, I get the answers I need,” he said. “He also checks in from time to time, just to see how things are going.” “Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements and their budgets,” said Jennifer Clancy, Marketing Manager, ID Wholesaler. Currently there are three variations to the Furman’s ID cards: yellow background for employees, green background for visitors and blue background for vendors. “Certain vendors are allowed on site without an escort,” said Furman. “For instance, because we are a kosher facility, once a month a rabbi comes in to check our operations. He has his own vendor ID card and is pre-approved, so he can move throughout our facility unescorted.” Facility security One of our big concerns is having someone follow a carded employee into the plant Furman Foods prides itself on its strong values, its quality products, its sustainability and its food security. Yet Furman isn’t satisfied. “We are still not where we should be,” he said. “We have come a long way, but we have a long way to go. If I could wave a magic wand, we would have one entrance, where everybody has to enter and exit. This entrance would be secured by a card reader, so individuals would have to swipe an ID card to get in. One of our big concerns is having someone follow a carded employee into the plant. Restricted areas should require special access cards, and I’d like a fence around the entire facility, with a guard shack where everyone checks in and out,” he further added. Right now, there are multiple entrances for traffic. The facility is very spread out, and the road in front is a public road. Photo ID access card Yet, all agree that the ID cards are an important step on Furman Foods’ journey toward enhanced security. “A safe workplace is fundamental,” said Clancy. “Photo ID cards provide at-a-glance validation that the card wearer is authorised to be on the premises. This is especially important for food manufacturers.” “I tell our employees security is only going to get tighter,” Furman said. “More safeguards will be put in place. We are in the food business. If we don’t have safe foods, we don’t have jobs.”
Round table discussion
The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week’s Expert Panel Roundtable: How are standards shaping change in the physical security market?
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?