OutSystems, provider of low-code application development platform, announced that it is the first low-code vendor to achieve two new cloud security certifications – ISO 27017 and ISO 27018. As organisations develop, run and share a higher percentage of their applications on the cloud, stakeholders across the business are trusting platform providers to ensure their cloud-based environments are secure. These certifications demonstrate the high level of commitment OutSystems has to ensuring...
It seems like every day there is another school or public shooting incident in the US. It dominates the news and has become a point of stress and fear for many Americans. According to the US Department of Justice Federal Bureau of Investigation, in 2018 alone, there were 27 incidents across 16 states resulting in 213 casualties. There is a great deal the security industry can do to prevent such violent incidents and preserve life. Protection layers In general, protection should be built in la...
Matrix, global manufacturer of enterprise-grade Telecom and Security solutions, is the first company to get TEC certificate under Mandatory Testing and Certification of Telecom Equipment (MTCTE) launched by TEC, Govt. of India. Mr Ganesh Jivani, Managing Director of Matrix was honored with the TEC certificate from Mr. Anshu Prakash, Secretary Telecom, Government of India at an event organised by TEC at Sanchar Bhavan, New Delhi. IP-PBX and VoIP phones “Having been a global provider of I...
The National Security Inspectorate (NSI), the UK’s global independent certification body specialising in the security and fire safety sector, is delighted to announce it has been granted accreditation by the United Kingdom Accreditation Service (UKAS) for BS EN ISO 45001:2018 - the world’s first International Standard for occupational health and safety (OH&S), replacing the British Standard OHSAS 18001. Workplace health and safety Health and safety in the workplace are of param...
Workforce management systems gather and analyse information and anomalies from security officers in the field. The information ranges from direct observations entered via mobile or desktop apps by officers on duty to reports from cleaning staff, the maintenance department, and CCTV operators. Taken together, the information yields business intelligence and data analytics at no additional cost. Trackforce is a provider of workforce management solutions specific to the security industry and its...
When it comes to emergency planning and response, there is an abundance of resources to help enterprises prepare to mitigate the impact of an incident. The U.S. Federal Emergency Management Agency (FEMA) has devised the National Incident Management System (NIMS), aimed at defining and standardising ways that resources can be used to manage and respond to an incident. An enterprise’s Emergency Operations Plan, or EOP, incorporates NIMS concepts and spells out what to do in an emergency. S...
Cook Security Group (CSG) successfully unveiled its privately branded video surveillance solution, Piko VMS, during their 2019 Technology & Innovation Summit in Portland Oregon. Health monitoring Cook named Razberi Technologies as their hardware partner to provide the intelligent appliance and health monitoring component to the new VMS brand. “While we still have strong relationships with our traditional video partners, we wanted to provide an open cloud-enabled platform to deliver seamless integrations of multiple technologies. This is beyond just video, as we have already integrated with dozens of apps such as analytics, alarm, access control, retail, HR, IoT...the list goes on. All designed to bring our customers efficiencies and give them the technology they’ve been waiting for” states Brian Cook, CEO of Cook Security Group. Three together creates an industry changing solution for our Financial & Commercial Customers" Secure, simple, and open “We are excited because Piko is secure, simple, and open. Secure because all traffic is encrypted including video and outbound only. Simple because Piko is extremely user-friendly, needs no enterprise requirements or complexity, and offers adaptive scaling. Open because Piko offers endless APIs and ways to integrate. Those three together creates an industry changing solution for our Financial & Commercial Customers.“ adds CTO Levi Daily. Integration with mobile interface Piko also includes a wide variety of video analytics and integrations, providing customised notifications, proactive machine learning, and 24/7 health monitoring. “Customers come to us with ideas or pain points and we develop then implement. They drive our solutions and Piko makes it easy” Brian adds. Piko fully integrates with Cook’s secure mobile & online interface, Cook Command Center, and includes 10GB’s of Cook’s Case Management module offering seamless secure sharing with law enforcement or other institutions. Razberi chosen as hardware partner Piko and the ServerSwitchIQ provide everything our customers are asking for" Cook chose Razberi Technologies as their hardware partner, loading Piko on Razberi’s robust ServerSwitchIQ, complete with an integrated server & managed PoE switch. “We chose Razberi based on their solid reputation in the marketplace” states Daniel Smallwood, Cook’s VP of Technology. “They provide CameraDefense built in to combat cyber threats, anti-virus, proactive machine learning, and UL, CE, FCC, & RoHS Certifications.” “They are IP camera agnostic and completely scalable in terms of storage, PoE ports, etc. Piko and the ServerSwitchIQ provide everything our customers are asking for and at roughly half the price of a traditional DVR.” Smallwood adds. Expertise in video surveillance “Razberi’s partnership with Cook is exciting,” said Joe Vitalone, CMO of Razberi Technologies. “Razberi believes it should be easy for anyone to deploy, manage, and cybersecure their enterprise video surveillance system. Cook’s reputation in the financial industry will make it possible for Razberi’s expertise in video surveillance and cybersecurity to continue to provide solutions to financial institutions on a larger scale.”
UK organisations are failing to make progress towards strong cybersecurity and are facing paralysis as cybercriminals become more advanced. This is the conclusion drawn from the findings of the 2019 Risk:Value report – ‘Destination standstill. Are you asleep at the wheel?’ – from NTT Security, the specialised security company and centre of excellence in security for NTT Group. Examining the attitudes of 2,256 non-IT decision makers to risk and the value of security to the business, NTT Security’s annual Risk:Value report researches C-level executives and other senior decision makers across 20 countries in the Americas, Asia Pacific and Europe, including the UK, and from across multiple industry sectors. Impact of cyber attacks on businesses Almost all respondents in the UK believe that strong cybersecurity is important to their business over the next 12 monthsUK respondents are aware of the risks posed by cyber threats, with over half (54 per cent) ranking cyber attacks on their organisation as one of the top three issues that could affect businesses in the next 12 months – second only to ‘economic or financial crisis’ (56 per cent). While global organisations rank ‘loss of company data’ in third place, in the UK, 44 per cent believe that cyber attacks on critical infrastructure is a far greater threat. Of the most vulnerable components of critical national infrastructure, telecoms, energy and electricity networks take first, second and third place. Almost all (90 per cent) respondents in the UK believe that strong cybersecurity is important to their business over the next 12 months, compared to 78 per cent who say the same about ‘growing revenue and profit’, while 93 per cent believe cybersecurity has a big role to play in society. According to the report, strong cybersecurity allows UK organisations to ‘ensure the integrity of their data’ (58 per cent) and ‘ensure only the right people have access’ to this data (56 per cent), while around half say it ‘helps protect the brand’. Good and bad practice in cybersecurity Businesses in India, a new country to the research, are now the best performing in the world for cybersecurityFor each organisation in the research for the last two years, NTT Security has analysed the responses for good and bad practice in cybersecurity, with good practice awarded positive scores and bad practice awarded negative scores. The results show a worrying lack of progress globally: in 2019 as in 2018, the average score was just +3, meaning that there is nearly as much bad practice as good practice. Thirty-two per cent of businesses score less than zero: that is, they are exhibiting more bad practice than good practice. Businesses in India, a new country to the research, are now the best performing in the world for cybersecurity, ahead of the UK. The performance of organisations in France, Germany and Singapore has worsened in the last year, as has the performance of the financial services, telecommunications, chemicals, pharmaceuticals, oil and gas and private healthcare sectors, placing doubt on the robustness of critical national infrastructure. Areas where UK organisations are stalling Paying cybercriminals: A third (33 per cent) of UK respondents say that they would rather pay a ransom to a hacker than invest more in security because it would be cheaper, a significant rise of 12 per cent over 2018’s Risk:Value report. In addition, 34 per cent said they would rather pay a ransom to a hacker than get a fine for non-compliance of data regulations. Budgets: Security budgets in the UK are potentially failing to keep up with increasing cyber risk, with the percentage of IT budget attributed to security (15 per cent) in line with the global average. The percentage of operations budget spent on security has fallen by around 1 per cent since 2018, to 16.5 percent in 2019. GDPR compliance: Just 30 per cent globally believe they are subject to GDPR, a year on from the deadline, despite it affecting all organisations that have operations or customers in any European Union member state. The UK is a more respectable 48 per cent – still behind Spain (55 per cent) and Italy (50 per cent). Internal security policies: Businesses are still failing to be proactive internally. At a global level, 58 per cent have a formal information security policy in place, just 1 per cent up over last year. While the UK shows an impressive 70 per cent with a policy in place, this is down on last year’s 77 per cent. Less than half (47 per cent), however, admit that their employees are fully aware of such a policy. Incident response plans: In 2019, 60 per cent of UK organisations have an incident response plan in place in the event of a security breach, a 3 per cent drop. However, this is still above the global average of 52 per cent and among the highest figures across all 20 countries. Blaming IT: Around half (44 per cent) of UK respondents believe cybersecurity ‘is the IT department’s problem and not the wider business’, which is in line with the global average of 45 per cent. While Swedish organisations are most likely to blame IT (60 per cent), Brazil is least likely (28 per cent) to do so. Time spent on recovery from cyber breach The cost of recovering from a breach is estimated to be $1.2 million in the UK, matching the global averageThe 2019 Risk:Value report reveals that the time spent on recovering from a cyber breach continues to rise year on year, with UK respondents estimating that it will take 93 days on average to recover. The UK figure is a significant rise of nearly double over last year’s estimated 47 days. The UK now ranks as one of the highest figures globally compared to one of the lowest in 2018. The cost of recovering from a breach is estimated to be $1.2 million in the UK, matching the global average. Notably in the Nordics, costs are predicted to be much higher, with Norway at $1.8 million and Sweden in first place with expected recovery costs for a business suffering a breach of $3 million. Oil & Gas is the industry sector having to spend the most on recovery efforts to the tune of $2.3 million. The estimated loss in revenue in percentage terms is up year on year in the UK – 12.9 per cent, up from 9.7 per cent in 2018, and in line with the global average of 12.7 per cent. Integration of new technologies The execution of cybersecurity strategies must improve or business risk will escalate for the organisations concerned"Commenting on the 2019 findings, Azeem Aleem, VP Consulting, NTT Security, says: “The Risk:Value report is an interesting barometer based on responses from those sitting outside of the IT function – and is often very revealing. What’s clear is that the world around them is changing, and changing fast, with the introduction of new regulations, integration of new technologies and fast-paced digital transformation projects changing the way we work. "What’s concerning though is that organisations seem to have come to a standstill in their journey to cybersecurity best practice – and it’s particularly worrying to see UK businesses falling behind in some critical areas like incident response planning. “Decision makers clearly see security as an enabler; something that can help the business and society in general. But while awareness of cyber risks is high, organisations still lack the ability, or perhaps the will, to manage them effectively. The execution of cybersecurity strategies must improve or business risk will escalate for the organisations concerned.”
Ping Identity, global provider of identity defined security solutions, has announced updates to its data governance solution, PingDataGovernance, to better manage data security and privacy requirements for APIs and user profiles. Today’s enterprises manage many different APIs on average, meaning sensitive consumer data like banking information and healthcare records are increasingly vulnerable. This rapid growth of APIs and third-party API traffic necessitates fine-grained data protection. These latest enhancements help enterprises build consumer trust and enable seamless and secure experiences for their customers. PingDataGovernance data protectionThe updates to PingDataGovernance address the needs with two main changes - data protection in APIs and drag-and-drop GUI The updates to PingDataGovernance, which are generally available this month, address these needs with two significant changes. The first is customer data protection in APIs as part of an advanced API security program. The second is a drag and drop graphical user interface (GUI), allowing business users to collaboratively author and test policies with a visual policy tree. With this additional functionality, customers can address several organisational challenges, including: Conflicting Forces: Often, enterprises can experience conflicting forces among the stakeholders contributing to the complexity of securing consumer data. Data privacy regulations, users themselves and various business units within an organisation all have different requirements for accessing and protecting data. With the new GUI, PingDataGovernance accounts for these forces by providing an externalised authorisation platform for gathering and reconciling independent policy requirements to help ensure every party is satisfied and data is secure. Empowerment of Stakeholders: Ping Identity understands developers don’t want sole responsibility for security, which is why this latest update eliminates the burden of database administrators and API developers to gather and reconcile policy requirements. With the new GUI, policy authors are able to visually test policy decisions based on dynamic inputs, using any number of attributes, including real-time risk scores, data source lookups, and more. Fine-Grained Policy Control: With consumer data security in mind, PingDataGovernance gives enterprises centralised, fine-grained control over who has access to all user-related data. While this control has always applied to data within user profiles, it now extends to access and filter data in APIs—providing a new layer of governance. Users can now securely expose data to delegated individuals, define what specific data others can view and edit, and filter and remove unauthorised data. “We have been using PingDataGovernance for some time now and we're eager to begin using the new graphical user interface for collaborative visibility and drag and drop policy administration,” said Mike Mayfield, Head of Directory at the Open Banking Implementation Entity (OBIE) of the UK.
ONVIF, a global standardisation initiative for IP-based physical security products, announced that its Export File Format, the ONVIF specification for the export of video from security surveillance recording platforms, is the new standard recommended by the National Institute of Standards and Technology (NIST) for the exporting and playback of video surveillance recordings. In a research project commissioned by the FBI to aid law enforcement in forensic investigations, NIST worked in conjunction with ONVIF to adopt the Export File Format to serve as the FBI’s new minimum interoperability requirements for exporting and sharing video clips, streamlining the playback process of video from different video recording platforms from different vendors. Aid forensic investigation The ONVIF Export File Format will enable law enforcement as well as private users These files are often exported in different proprietary formats, making it difficult for law enforcement to collect, correlate, and analyse the video data, as demonstrated by the 2013 Boston Marathon bombing, where more than 120 FBI analysts reviewed in excess of 13,000 videos before discovering key evidence in the footage. The NIST recommendation is published as NISTIR 8161 revision 1, which replaces revision 0. The ONVIF Export File Format will enable law enforcement as well as private users to more quickly and efficiently conduct forensic investigations using video of an incident from multiple sources – both private and public – regardless of what recording system originally captured the video. Export File Format will also be part of new worldwide standards to be published this year by the International Electrotechnical Commission (IEC) on the use of video surveillance systems in security applications, increasing the applicability of this standardised format on a global scale. Technology interoperability “This is a major step toward harnessing the massive amounts of video evidence, produced by IP-based video surveillance systems, that can be available to law enforcement in the event of a major incident, as well as to any user of a video recording system in need of faster and easier access to multiple video files,” said Per Björkdahl, chairman of the ONVIF steering committee. The NIST report addresses technical details as the use of MP4 as the standardised file format “We were very pleased to offer our expertise, specifically from our technical experts Dr. Hans Busch and Stefan Anderson, and have our work toward interoperability be validated in this way by the global standards and law enforcement communities.” The NIST report addresses technical details as the use of MP4 as the standardised file format and includes support for video codecs H.264 as well as and future variants to ensure video quality. Exported video must contain standardised, UTC clock timestamps that correspond to each video frame, with a recorded export system UTC clock time, with a reliable external reference time that is determined at the time the video is exported. Exported metadata information ONVIF is an industry forum driving interoperability for IP-based physical security products Using the ONVIF Export File Format will also provide useful exported metadata information (e.g. recording equipment used, export file creation time and name of export operator), as well as allow the video file to be digitally signed to ensure the chain of custody for evidentiary purposes. Founded in 2008, ONVIF is a leading and well-recognised industry forum driving interoperability for IP-based physical security products. The organisation has a global member base of established camera, video management system and access control companies and more than 12,000 profile conformant products. ONVIF offers Profile S for basic streaming video; Profile G for edge storage and retrieval; Profile C for door control and event management; Profile Q for quick installation, Profile A for access control configuration and Profile T for advanced video streaming. ONVIF continues to work with its members to expand the number of IP interoperability solutions ONVIF conformant products can provide.
Craig Birch, Product Category Manager at UNION, outlines what the new grade 5 for BS 8607 includes, why it has been introduced and the benefits that it can help deliver. At present, mechanically operated push button locksets are not typically security products, but rather access control ones. For example, think about the last time you went to your local doctor’s surgery. No doubt there will have been a lock on the door behind the receptionist, protecting the sensitive information they hold – a demand that has become only more critical with the introduction of the new General Data Protection Regulation (GDPR). However, the truth is that the lock protecting the restricted area in question is probably little more than a tubular latch. Essentially, it’s not a security device, but rather one that is used for convenience to simply meet the access control needs of a site. BS 8607 standard for push button lockets BS 8607 offers a series of grades that the push button locks can meet for strength and robustness However, BS 8607 – a standard for mechanically operated push button locksets – offers a series of grades that these locks can meet for strength and robustness. Introduced only recently, grade 5 is the newest and most stringent level for delivering assured security and access control. But what does it offer that grade 4 does not? The British Standards Institution (BSI) states that BS 8607:2014 specifies the requirements and test methods for durability, strength and function for mechanically operated push button locksets and their locking plates for use on doors, windows doors and entrance doors in buildings. Grade 4 and 5 of BS 8607 Both grade 4 and grade 5 of BS 8607 stipulate that products meeting these standards must be suitable for ‘applications where security, abuse and usage levels are expected to be equivalent to BS 3621’, which relates to thief-resistant locks. But if the security, abuse and usage levels are the same, what then is the difference between the two grades? Significance of integral locking units Put simply, those rated as grade 4 can only achieve this standard with the help of an integral additional locking unit. So, with a grade 4 product, users must lock and unlock the solution from the inside with a key, and then operate the push button from the outside to unlock a door. In contrast, a mechanically operated push button lockset that meets grade 5 standards provides a ‘one-stop’ security and access control solution; one that does not require a separate locking unit. In short, with a grade 5 product the latch and lock are integrated and tested together, without the need for an additional key. The result is a solution that offers keyless egress. This means that, when it shuts, a grade 5 solution automatically locks. Then, should you need to exit a room, it’s simply a one handle operation to unlock the door. Automatic locking solutions With a grade 5 solution, security is assured as the door will lock automatically While it’s intended that both grade 4 and 5 devices offer the same resistance to attack and it’s simply the way it is locked that is different, the fact that a user has to physically lock a door themselves with a grade 4 product means the technology is reliant on key holders to secure the premises themselves. Ultimately, users have to take responsibility and ownership for the security of a site. But with a grade 5 solution, security is assured as the door will lock automatically. Essentially, grade 5 has been introduced because it provides a BSI Kitemark approved certification. This means any mechanically operated push button locksets advertised as meeting grade 5 standards will be fully tested and inspected to this certification, offering complete peace of mind to users, installers and specifiers. Grade 5 electronic locking solutions As a result, there is no question that a grade 5 product will meet the security and access control needs that so many commercial environments demand. A grade 4 product is reliant on an additional locking unit that meets BS 3621 being used too, whereas a grade 5 solution delivers assured protection and access control in a single package. Finally, the BSI Kitemark for a grade 5 solution is an official stamp of approval for the quality of the service offered. To date, it is this combination of security and convenience that has not yet been seen in mechanically operated push button devices. Grade 5 of BS 8607 looks set to change all that.
Many Euralarm members and other interested people gathered on May 13th, 2019 in Madrid for the annual Euralarm Symposium. It was the moment that Euralarm presented its priorities and challenges for the upcoming years. General Director Paul van der Zanden introduced Euralarm’s new strategy document for 2019 to 2024 to the audience by putting it into perspective with the developments within Brussels. Fire safety and security industry There is so much going on in Brussels that is not communicated. Members of Euralarm are European citizens, whose profession in fire safety and security has made them leaders in their business based on knowledge. Their leadership is underlined by trusted and proven partners like Orgalim, CEN, CENELEC and key stakeholders from the EU, such as several Directorates General. The world in which Euralarm operates and especially the part that is involved in standardisation is complex. The world in which Euralarm operates and especially the part that is involved in standardisation is complex And apart from the complexity there are big changes going on in the field of technology and economy that shake up the world of standardisation. Think of cybersecurity or artificial intelligence and it will be clear that associations like Euralarm need to act in a swift and decisive way. Based on its current position and on the strategic objectives of the association a number of priorities and challenges have been defined for Euralarm in the new EU legislative period 2019 to 2024. They are based on Europe-wide cooperation and will enable Euralarm to maintain and further improve its position in Europe. The four priorities and challenges were topic of the opening presentations that were held by Lance Rütimann, Chair of the Fire Section, Peter Massingberd-Mundy, member of the Fire Section and involved in many of the standardisation activities of Euralarm, Jon Koenz, Chair of the Services Section and Dominique Taudin, Chair of the Advocacy Committee. Lance Rütimann’s presentation focused on Innovating through Research Fire safety solutions for life safety Lance Rütimann’s presentation focused on Innovating through Research. He opened his presentation with a philosophical view – the Socratic Paradox - that there's a wealth of knowledge in so many areas, but yet we have still so much to learn. That is what research is all about: helping us to understand things and see behind the curtains for new solutions. What has that to do with the association's priorities? Our industry wants to stay leader in our business. That requires research, collaboration and cooperation. Our industry wants to stay leader in our business, which requires research, collaboration and cooperation We have to stimulate others to bring their support to the table. Together, we can identify the opportunities and understand the risks of emerging technologies. It requires investigating common challenges in the application of fire safety and security solutions to gain new insights on protection of life and assets in buildings. Therefore, we should also examine which qualifications, skills and expertise are needed in our industry and act on the findings. In order to make that happen, Euralarm urges the EU institutions and research bodies to work together. By developing partnerships between industry, testing houses, universities and research institutes priority areas could be identified more easily, and efforts coordinate more seamlessly. It would enable all parties to maximise the potential of EU research programmes under Horizon 2020 and its successor. Fast, flexible products standardisation Peter Massingberd-Mundy took up the gauntlet of talking about fast and flexible standardisation. The title may seem to encompass both a contradiction and an oxymoron, but standards are at the core of everything we do. With a world that becomes more and more connected, standards need to allow for this connectivity as well as being well connected and clearly structured in themselves. Robust standards for products and services are at the heart of our industry’s success but to continue serving the interests of customers, society and the industry, a faster and more flexible standards-setting system is needed. Peter Massingberd-Mundy took up the gauntlet of addressing fast, flexible standardisation A system that is agile and accommodating of technical changes and innovations will help Euralarm members and other parties to respond rapidly to customers’ demands and deliver the highest levels of safety and security to citizens. This would put European companies on the best footing to serve global markets. Such a fast and flexible standards-setting system requires close cooperation between the key players — Euralarm, European Commission, standards organisations, approval bodies and other organisations — who together can write the standards that will deliver the highest quality products and services as efficiently as possible. Furthermore, Euralarm urges the EU institutions to work together to deliver an efficient system that responds to market needs. Among the areas where progress would be required over the next five years are the setting, improving or extending of standards; for interoperability between building systems, between remote services, for the residential market (e.g. combining security and home-assisted systems) and for the competency of personnel and the quality of the services they provide. Cybersecurity, IoT and AI Whether active in fire safety or security, the building and construction industry or process automation: digitalisation is all around us Whether active in fire safety or security, the building and construction industry or process automation: digitalisation is all around us. It has an impact on our industry but also offers opportunities and challenges. How to seize these opportunities of digitalisation was the topic of the presentation that was given by Jon Koenz. Digitalisation is already having a huge impact on our industry and this trend will continue to grow in the future. New technologies such as cybersecurity, the Internet of Things (IoT) and Artificial Intelligence (AI) will drive this trend to become more and more crucial for our sector. All participants in the value chain need to be sensitised to the importance of increasing resilience in the face of cyber-attacks. At the same time, the potential of AI needs to be carefully assessed to maximise opportunities this technology offers. That is only possible when knowledge partners such as Euralarm and EU institutions work closely together. That cooperation will allow them to make rapid progress on a Europe-wide voluntary certification mark (quality label) that shows that all reasonable protection measures against cyber-attacks have been taken. That cooperation is also needed to advance work on standards for cybersecurity, IoT for fire and security systems and Building Information Modelling (BIM). Last but not least, the parties involved should cooperate to promote education as an investment in the future. Dominique Taudin discussed the current landscape for testing and certification of fire products Fragmented certification landscape The fragmented landscape for testing and certification of their products and services was the topic of the presentation of Dominique Taudin. Since Euralarm members are facing this landscape they are charged with higher costs since they have to submit multiple applications in several countries for the same product or service. But there are more than just costs. There is also the risk of having an inconsistent approach to testing and certification across the EU. This situation could be improved by the introduction and use of pan-European testing, auditing and certification processes. Not only would it reduce administrative burdens but also save costs for fire safety and security companies, many of which are small- and medium-sized enterprises. It would also help achieving real EU’s single market for fire safety and security. But there is also another, perhaps more important aspect when it comes to the future of European companies. Euralarm calls on stakeholders to intensify work between leading laboratories on MTRA A European wide process would allow companies to avoid uncertainty and encourage investment if they only had to submit their products and services for testing and certification to a single authority. To turn this fragmented landscape into a uniform and organised environment Euralarm wants to cooperate closely with EU institutions, test laboratories and certification bodies. It should result in achieving consistent, objective and repeatable processes for testing across Europe and, over the longer term, developing a single testing and certification scheme for electronic security equipment. Multilateral Test Result Recognition Agreements In the short term, Euralarm calls on stakeholders to intensify work between leading laboratories on Multilateral Test Result Recognition Agreements (MTRA). Fore services, the transition process from a fragmented to a consistently organised environment will require a better exchange of information about national training and certification schemes for the personnel involved in planning and design, engineering, installation and hand over, maintenance and repair of fire safety and security systems. Keynote speaker during the Euralarm Symposium 2019 was Alberto Garcia-Mogollon, Head of Innovation Policy of BSI. He took the visitors on a 'tour' during his presentation on building confidence and accelerating innovation through standardisation. With a new generation of products and services requiring the integration of complex, digital technologies and new production processes that need to scale up at faster rates the role of standardisation is expanding rapidly. It fulfils the ever-increasing need to demonstrate confidence in performance. Alberto Garcia-Mogollon spoke about a strategic approach to reaping the benefits of standardisation Reaping the benefits of standardisation To maximise the benefits from standardisation, Alberto proposed to have a strategic approach. The type of standards may vary according to the maturity and nature of technology and the industry sector where it applies to. The standards process itself should be agile. With the right value proposition based on outputs and services a fit-for-purpose set of standards can be developed to be used across industries with different characteristics. Alberto proposed a process of fast iterations with faster development times and publication schedules To maximise the value from and creating value for the communities engaged in standards development there should be a collaborative approach toward the content development. And by creating a state-of-the-art environment for standards development, the efficiency, speed and ease of use are ensured. In relation to the needs of innovative industries, Alberto proposed a process of fast iterations with faster development times and publication schedules for each iteration, an output that is designed to elicit feedback and discussion and enhanced feedback from the user community to aid development, improving speed and quality. Self-regulating autonomous standards Important to remember: the future of standards is digital, with self-regulating autonomous standards fed in real-time by data from 'smart' devices, potentially connected to smart contracts, e.g. leading to continuous conformance or regulatory audit. For accelerating innovation through standardisation, it is important that both the technology landscape and industry needs are understood and that coordination across fragmented international knowledge networks is realised. Also, innovators should be educated on the role and value of standards while mechanisms should be developed to encourage participation of end users and SME’s and enabling public participation and oversight.
The oil and gas market is driven by a number of technology trends, political issues, waves of supply and demand, and regulations. At times, it seems like the market is in a constant state of ebb and flow, with business affected by traditional drivers, such as government mandates and operational efficiencies, and other non-traditional markers, like challenging weather conditions (consider the 2017 hurricane season as an example). Additionally, the global economy continues to grow, propelling increased energy demand. But like nearly every other market today, the oil and gas market is on the brink of a sea change. According to Deloitte’s 2018 outlook on oil and gas, “the digital revolution is here.” The sheer volume of information and data generated by digital devices, such as those associated with the Internet of Things, will allow producers to leverage rich data and combine it to deliver smart, efficient solutions. The rise of digital technologies is unleashing new ideas across the oil and gas industry and even though we are in the beginning stage of being able to harness the power of these types of technologies, innovative ideas are emerging — all designed to support the core business, reduce internal investments, deliver products faster, boost efficiencies, and enhance safety. Maximised operations and increased ROI This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand This is welcome news because there are a number of challenges facing the oil and gas industry, from improving reserve replacement and ensuring workplace safety to reducing operating costs and limiting downtime. All of these objectives must be achieved while maximising operations and increasing overall return on investment. Never has it been more crucial for critical infrastructure organisations to demonstrate a focus on safety, security, and collaboration. Here's why: Growth and demand According to the U.S. Energy Information Administration, world energy consumption will grow by 56 percent between 2010 and 2040. This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success. Compliance Continuous demand is only one challenge; compliance with industry and government regulations is another significant hurdle that must be maintained or there is risk of production shutdowns. For example, the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) impose comprehensive federal regulations for high-risk chemical facilities, requiring organisations to conduct vulnerability assessments. This is just one of many regulatory procedures sites must follow to conform to environmental protections, safety precautions, and safe handling of hazardous materials. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success Threat protection, mitigation, and collaboration In addition to meeting the requirements of regulatory procedures, mitigating risk in this industry propels leaders to develop stringent strategies to ensure robust protection of people, property, and assets, effective and efficient response to incidents when they occur, and procedures and protocols to ensure business continuity in emergency situations. Energy providers require comprehensive safety planning and technology systems that can augment the capabilities of on-site and remote personnel. In recent years, video solutions have become the standard for monitoring facilities, assets, and employees, and now these organisations require enterprise-class solutions that can help gather intelligent data that allows for enhanced security and safety efforts but also focus on processes that enhance operational efficiencies. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market IT security is also a concern. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market. An IT breach can cause operational havoc, risk to the public, and damage to an organisation’s brand. Adopting a continuous improvement approach to a security strategy safeguards and helps protect valuable company information and reduces the likelihood of an incident. Also, collaboration between IT and physical security leaders and the correlation of both departments' data makes it much easier to identify a potential breach before havoc ensues. The digital age With the rise of the digital revolution and the demand for data to improve insight, oil and gas producers and businesses need to find new ways to capture data, correlate it as needed, and then leverage it to make the most informed decisions. Software platforms are being used in a wide variety of applications to provide a single pane-of-glass view that allows operators to gain critical insight into operations. By collecting intelligence from digital sensors, such as video surveillance cameras, open-source Web intelligence, building systems, crowdsourcing, weather sensors, mobile devices, and more, operators can detect potential risks and manage and respond to situations more efficiently. Furthermore, information can be shared easily with multiple agencies, employees, citizens, and first responders — especially valuable in the event of a safety incident where rapid response is paramount. By creating a single enterprise-wide view across disparate systems and technologies, organisations experience improved response times, lowered operational costs, and increased employee safety. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically Traditional command centers Intelligent solutions, such as those derived from the idea of artificial intelligence, help organisations make sense of vast amounts of data. These integrated applications, such as advanced video analytics and facial recognition, can automatically pinpoint potential breaches and significant events, and send alerts to the appropriate personnel, departments, and agencies. These solutions can be powerful in unifying disparate command center technologies within the oil and gas industry, fusing critical data input from emergency calls and responder activity to enhance situational awareness. With traditional command centers relying mostly on call and radio updates, visibility can be limited, but new digital platforms enable operators to oversee a situation and engage with and direct the response force. Overall, these types of automated functions deliver a simplified and modernised operating environment. The future is the Intelligent SOC Oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets All of these digital solutions are designed to take center stage within the Intelligent Security Operations Center (ISOC). To combat advanced, multi-stage threats, oil and gas facilities are transforming the traditional SOC into the next-generation unified ISOC with an integrated platform for detection, investigation, communication, and response. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically. Energy providers operate in challenging, fast-moving environments in which opportunities, requirements, and regulations can vary widely, change quickly, and evolve significantly over time. As the idea of the digital age continues to transform this market, new technologies will be more widely used to improve business operations from exploration and extraction to transportation and distribution. With the right technology, strategic partnerships, and enhanced situational awareness, oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets, while continuing to focus on achieving business goals that will sustain supply and demand for years to come.
According to the reports of not-for-profit organisation Gun Violence Archive, the year 2018 has seen 323 mass shooting incidents as of November 28 in the United States. This number is 346 for the year 2017 and 382 for 2016 (more statistics are available here), with “mass shooting” defined as cases where four or more people are shot or killed in the same time period and location. While definitions of mass shooting vary with organisations in the US, the count of over 300 incidents per year, or about once per day on average, is simply alarming. It raises public safety concerns, ignites debates and protests, which in turn lead to public unrest and potentially more violence, and increases costs for governments from the regional to federal level. Most importantly, the loss of lives demands not only improvement in post-incident handling and investigation, but also new prevention technologies. Gunshot detection solutions AI weapon detection offers a more efficient alternative to prevent active shooting There are several gunshot detection solutions in the security market, commonly used by law enforcement agencies to detect and locate gun fires. These systems function based on acoustic recordings and analyses and often in combination with signals detected by sensors of the optical flash and shockwave when a gun is fired. However, gunshot detection by nature dictates that the law enforcement can only react to a shooting incident that has occurred. With fast action, law enforcement can prevent the incident from escalating, but lives that are lost cannot be recovered. With the development of artificial intelligence in object recognition, AI weapon detection offers a more efficient alternative to prevent active shooting: AI can visually detect guns based on their shapes before they are fired. The AI is trained to recognise firearms in different shapes, sizes, colours, and at different angles in videos, so that the AI weapon detector can be deployed with existing cameras systems, analyse the video feeds, and instantly notify security staff when a gun is spotted. Comparison of the advantages for law enforcement and public security agencies Legacy gunshot detection using sensors AI weapon detection Reactive measure: detect after guns have been fired Proactive measure: detect before guns are fired Time to action: within 1 second Time to action: within 1 second Unable to provide visual data about shooter(s) Can provide data about shooter(s) based on the camera recording: clothing, luggage (backpack, handbag, etc.), facial features, vehicle Unable to track the location of the shooter(s) before and after shooting because of the lack of sound Can track the shooter(s) using AI Person & Vehicle Tracking, AI Face Recognition, and AI License Plate Recognition False detection caused by similar sound such as fireworks and cars backfiring Minimal to no false detection, as AI can distinguish different types of handguns and rifles from normal objects (umbrella, cellphone, etc.) Require physical deployment of gunshot detection sensors Can be used with existing camera systems, do not require special hardware Complicated to deploy, require highly trained professional Easy to deploy as an add-on to existing video surveillance system - Can integrate with gun-shot detection to create a “double knock” audio and video active shooter alert system Gun-shot detection advantages In addition to advantages for law enforcement and public security agencies, this type of visual-based pre-incident detector has three-fold advantages for the public: Save lives by spotting the shooter before the shooting event. Minimise the chaos entailing an incident: panic and chaos caused by a shooting incident often adds to injury, as people run, fall, trample on others… With an AI weapon detector, when a gun is spotted, the system sends an alert to security staff, who can quickly control the situation in an organised manner and apprehend the intending shooter. Can be added as a SaaS (Security as a Service) component to small business and home surveillance systems, e.g., intrusion detection alerts (home invasion incidents with firearms number over 2500 per year nationwide). For a complete active shooter detection system, video-based AI detector can operate in conjunction with gunshot detectors for enhanced security. Traditional X-ray based weapon detection or metal detection entrance systems are complicated and expensive; with AI video technology, active shooter detection system can be cost-effective, and after all, what price tag can one put on a life? Written by Paul Sun and Mai Truong, IronYun
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
The Electronic Security Expo (ESX) will be held at the Indiana Convention Center, June 3-6, in Indianapolis. The show focusses exclusively on the electronic security and life safety industry, including companies that service the connected Internet of Things (IoT) space for homes and businesses. The ESX Main Stage will highlight inspirational presentations from motivational speakers, Dr. Rick Rigsby and Kevin Brown. In addition, there will be a founder of a drone security company and an Entrepreneur-in-Residence from Kleiner Perkins for OpenXchange, and a Secret Service agent for the Closing Keynote. Sharing best practices and trends In breakout sessions, colleagues and business thought leaders will share best practices, trends and opportunities that helped their own companies and careers, so that others might replicate their successes or minimise their failures. These sessions are aimed at propelling attendees to reimagine their business models and go-to-market strategies, says George De Marco, Chairman of ESX and Managing Partner for DECO Ventures LLC. Examples of breakout sessions include: CounterPoint Forum – “False Alarm Dispatches - A Real Threat or a Nuisance to the Industry?” “Top 3 Ways to Grow Your Video RMR” “5 Faster, Smarter Ways to Improve Cash Flow” “Artificial Intelligence Real Time Video Monitoring Solutions” Promoting security professionals’ growth Our goal is to develop next-gen methods that deliver industry content and promote professional growth"“Each year, we challenge ourselves to raise the bar of the educational sessions and main stage events,” says De Marco. “One of the ways is introducing new faces and voices for the peer-developed and peer-driven educational sessions that offer best practices and identify trends, opportunities and challenges for industry professionals to consider today and in the future. Our goal is to develop next-gen methods that deliver industry content and promote professional growth as the industry pivots to the future.” New entrants and disruptors are challenging traditional go-to-market strategies, causing traditional companies to rethink how they rise above the noise in a changing competitive landscape and handle new consumer buying behaviours, says De Marco. Exhibitors at ESX Exhibitors that support ESX include Interlogix (Diamond sponsor), Napco (Platinum sponsor), Alula and DMP (Gold sponsor), and ADI, Altronix, Bold Group, Essence, ICT, Quick Response, Resideo, Secura key, Security Central and WeSuite (Silver sponsors). ESX seeks to connect exhibitors with the influencers and decision-makers from companies that represent a cross section of dealers, integrators and monitoring companies in North America. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s impressive convention centre. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s convention centre “We recognise individuals and companies during the Opening Celebration that help propel the industry forward and at our VIP Event at the Indianapolis Motor Speedway,” says De Marco. “During the day, there are meals around the Main Stage sessions which gather attendees around the table for casual conversation before the presentation begins.” Indianapolis, home of the Indy 500, is a unique location that has a lot to offer the attendees of ESX. A special night at the Indianapolis Motor Speedway will invite a limited number of guests to share great food and drinks, to experience a trip around the track in an official pace car, and to ‘kiss the bricks’, a speedway tradition. Centrally located in the US, Indianapolis is a convenient convention destination for travel, whether flying or driving. Connecting with peers and colleagues Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small There are also networking opportunities throughout the week. The Pub Crawl, an attendee favourite, is a night where long-time friends gather, and new friendships are made. “This is where the real conversations happen between peers and colleagues about real problems of running and growing a company, and solutions that can make a difference,” says De Marco. Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small players. This enables professionals to come together to connect with their peers and colleagues, allowing for deep discussions on how to grow their people, revenues and profits, including mentoring opportunities that encourage leadership development, says De Marco. The subject of finding qualified employees is top of mind for almost every industry today, especially the security industry. Sessions that address hiring and managing employees for industry professionals include “Hiring from Outside the Monitoring Industry: Surprising Resources for Great Operators” “Maximise New Employees: Why Onboarding is Critical to Their Success” “5 Tips for Effective Employee Performance Evaluations” Helping attendees to reinvent their business “Our focus is primarily on the attendee, helping them connect with suppliers, colleagues and opportunities that reimagine their businesses, so they can be stronger competitors,” says De Marco. “If we can provide the right knowledge to inspire or transform the attendees to take meaningful action or implement change that helps them remain relevant, we believe we have succeeded.” There will be an undercurrent of sadness at ESX this year because the industry recently suffered a loss. George Gunning, former CEO of USA Alarm Systems and one of the founding members of ESX, passed away in February. “We would be remiss if we didn’t recognise his contributions and influence on the industry and ESX over the years,” says De Marco. Another founding member of ESX who has passed away is John Murphy, formerly CEO of Vector Security.
Simultaneous suicide bombings at several churches and hotels in Sri Lanka on April 21 were of a scale, sophistication and level of coordination that hasn’t been seen since 9/11. Nine suicide bombers targeted three churches and three hotels on Easter morning, and the resulting casualties numbered 359 dead, including 45 children, and about 500 injured. The complexity of the attacks suggests the bombers received help from an outside organisation, likely the Islamic State (IS). Sadly, security warnings from Indian intelligence officials, which might have helped to prevent or minimise the attacks, were ignored by Sri Lanka security weeks earlier. In the wake of the massacre, two of Sri Lanka’s top security officials were asked to resign, and Sri Lanka’s president promised to completely restructure state security. Contradiction to the terrorism report The twin calamities provide a dramatic counterpoint to an observed global decrease in terrorist attacksA motivation for the Sri Lanka tragedy is thought to be the March 15 shootings at two mosques in Christchurch, New Zealand, where 50 people were killed and 50 more were injured. A 28-year-old Australian white supremacist was arrested and charged with murder. Taken together, the twin calamities provide a dramatic counterpoint to an observed global decrease in terrorist attacks, as documented in a recent report. The suicide bombers in Sri Lanka were eight men and one woman, most of them well-educated and coming from the middle or upper class. One was the leader of National Thowheeth Jamaath, the homegrown militant Islamist group the government has blamed with carrying out the attacks. There is also evidence to corroborate a claim of responsibility by IS. Some 60 people have been arrested in the investigation. Even days later, police continued to find explosives and said there was still danger. Multiple attacks One explosion on Easter morning occurred at St. Sebastian’s Church in Negombo, 20 miles north of Colombo, where more than 100 were killed. Another bomb killed 28 people at the Zion Church in Batticaloa, and an unknown number died at St. Anthony’s Shrine, a Roman Catholic church in Colombo. The three hotels that were attacked were all in Colombo – the Shangri-La, the Cinnamon Grand and the Kingsbury The three hotels that were attacked were all in Colombo – the Shangri-La, the Cinnamon Grand and the Kingsbury. Two more explosions happened Sunday afternoon, one at a small guest house and another at the suspects’ safe house, where three officers were killed. Security at houses of worship has been a high-profile concern in the United States in recent years following incidents such as an attack at Emanuel African Methodist Episcopal (AME) Church in downtown Charleston in 2015 that killed nine people. Just last October, 11 people were killed and six others injured in a shooting at a synagogue in Pittsburgh. Hardening security at churches “It’s no longer enough to pray for a safe and secure environment,” commented Patrick Fiel of PVF Security Consulting in an Expert Panel Roundtable discussion. “Churches are soft targets. Clergy and parishioners will need to work closely with security consultants and local law enforcement to harden their facilities.” Access control, CCTV solutions and mass notification systems are all helpful and can be placed unobtrusively so as not to interfere with aesthetics of the church, Fiel adds. The scale and scope of the bombings in Sri Lanka provide a wakeup call to the global likelihood of terrorist attacksIt doesn’t appear technology would have made much difference in the case of the Sri Lanka attacks, although awareness and vigilance can have an impact. At Zion Church in Batticaloa, for example, a bomber was stopped by pastors from entering the congregation area where some 500 people gathered. Because of their suspicions, the bomb was instead detonated in a courtyard where children were eating breakfast; 28 people died. The scale and scope of the bombings in Sri Lanka provide a dramatic wakeup call to the continuing global likelihood of terrorist attacks. The last territory of the Islamic State in Syria fell in March, but IS and its ideology live on, and continue to be a global terrorism threat. And that’s just one among many possible sources of terrorism worldwide. Hopefully, the recent incidents do not foreshadow more attacks that are even more deadly.
As the Internet of Things (IoT) and other trends drive the convergence of physical and information security, integrators and end users attending ISC West may be struggling to keep pace with new areas of responsibility and expanding roles in the larger security ecosystem. Help is here. The Connected Security Expo, co-locating with ISC West, focuses on building a holistic security strategy for the connected enterprise. Exhibitors will focus on how physical and information security can be used together to mitigate new and emerging cyber-threats in a hyper-connected world. Connected Security Expo provides attendees access to cutting-edge products and technology in both the physical and IT secure realms. It is clearly a growth factor in the market. Here’s a look at some of the companies on display in the 2019 Connected Security Expo: Integrated video cloud service The AI-powered video analysis software suite delivers high-speed object search and facial classification Arcules provides the Arcules integrated video cloud service, which combines untapped video and sensor data with the latest technologies in cloud, artificial intelligence, and machine learning to deliver actionable business and security intelligence for modern organisations. The cloud-based service is designed to ensure security, scalability, streamlined operations, and bandwidth management — all from a single, easy-to-use interface. Hardware-accelerated solutions BrainChip Inc. is a global developer of software and hardware-accelerated solutions for advanced artificial intelligence (AI) and machine learning applications. The AI-powered video analysis software suite delivers high-speed object search and facial classification for law enforcement, counter terrorism and intelligence agencies. PSIM software platform CNL Software Inc. is an open, adaptable, scalable and secure Physical Security Information Management (PSIM) solutions provider. The IPSecurity Center PSIM software platform helps law enforcement, government agencies, the military, public and private critical infrastructure, transportation networks, corporations and campuses to integrate, automate and manage systems, allowing better security intelligence and improved operational efficiency. Facial recognition software IOmniscient Corp. provides facial recognition software that can recognise multiple faces even in crowded and uncontrolled scenes IOmniscient Corp. provides facial recognition software that can recognise multiple faces even in crowded and uncontrolled scenes. Matching faces with an existing database, the system can detect an unauthorised person and track him or her across non-overlapping cameras. Enhance situational awareness Oncam offers 360 and 180-degree video technology. The company has the largest range of wide-angle cameras that are open platform and easy to integrate. Unique dewarping technology allows the creation of award-winning video solutions for stakeholders from the C-suite to the security officer in wide range of industry segments. Oncam’s products greatly enhance situational awareness. Enterprise-class security Pivot3 is a provider of intelligent solutions using hyperconverged infrastructure. Pivot3’s intelligent infrastructure is optimised to deliver performance, resilience, scalability and ease-of-use required for enterprise-class security, video surveillance and IoT deployments. Electronic physical security The UL 2900-1 standard offers general requirements for software cybersecurity for network-connectable productsUL LLC is working to increase the prominence of the Underwriter Laboratories brand in cybersecurity with the UL Cybersecurity Assurance Program (CAP). The UL 2900-1 standard, the standard that offers general requirements for software cybersecurity for network-connectable products, was published in 2016 and in July 2017 was published as an ANSI (American National Standards Institute) standard. The standard was developed with cooperation from end users such as the Department of Homeland Security (DHS), U.S. National Laboratories, and other industry stakeholders. UL 2900-2-3 – the standard that focuses on electronic physical security/life safety & security industry, was published in September 2017. Proactive automated system Viakoo is a provider of the security industry’s first proactive automated system and data verification solution. Create significant value Vidsys is innovating and accelerating a transition to Converged Security and Information Management or CSIM. The company is committed to educating and supporting customers with their evolving needs to provide a more holistic view of risk and throughout the overall business process re-engineering necessary to create significant value across the entire organisation.
Crossword Cybersecurity plc, has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’), will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance. GDPR compliance GDPR makes many requirements of organisations, including taking adequate steps to ensure data is both encrypted and anonymised, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organisation. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack. GDPR risk exposure Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organisation is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education. With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organisations.” Rizikon Assurance Jake adds, “Rizikon Assurance will help any organisation dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times and cost efficiencies. Standardising company’s security measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardises the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardised security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardise our physical security solution. The Global Client Programme also minimises risk and guarantees compliance. It really meets our needs in every possible way.” Central security platform saves money The programme helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The programme also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Premier League football club Everton FC has deployed SureCloud’s GDPR suite to manage and monitor its data and GDPR compliance, enabling the club to work towards GDPR compliance, optimise internal processes and position it strategically for the future. The solution replaced Everton FC’s manual data mapping and processing methods. Manual data mapping and processing Everton FC’s databases are extensive, containing details on over 32,000 season ticket holders and over 600,000 registered fans, with details on around 360 employees, players, agents, suppliers, and individuals associated with the club’s community charity and partner school. Much of this information is sensitive. This data and all of the processes associated with it were being manually managed and tracked in a series of Excel spreadsheets. With multiple requests and queries to respond to every day, the club’s Data Protection Officer was struggling to record and manage smaller ad hoc queries, incidents, and tasks. With GDPR due to place much tighter restrictions on how the club processed, managed and shared its data – as well as on the reporting of any incidents that did occur – the club needed a more comprehensive and reliable tool in place before 25th May 2018. SureCloud platform The club approached its long-standing IT support provider NCC to find a solution. NCC recommended the SureCloud GDPR Suite, delivered on the SureCloud platform. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organisation, Everton FC selected its cloud-based suite of solutions. Two dashboards were created according to Everton FC’s specific needs Two dashboards were created according to Everton FC’s specific needs: one to show all data mapping and transfers, including where data is being held and who it is being shared with; and one showing incidents and requests, including a subject request register and incident tracker path. This gives an immediate overview of which requests are still outstanding, such as a request for an individual’s personal information to be erased from the database. SureCloud GDPR Suite The five applications Everton FC chose to deploy from the SureCloud GDPR Suite were: GDPR Program Tracker - to enable the club to map all its disparate data and workflows using intelligent risk-based questions GDPR Management – to provide all mandatory GDPR business-as-usual processes Information Asset Management - to record and maintain the club’s entire data inventory Compliance Management for GDPR - to help Everton FC speed up their process of attaining compliance and on-going real-time risk remediation Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise Ian Garratt, Data Protection Officer at Everton FC said: “The penalties for not achieving GDPR compliance are severe – up to 4% of our revenues, or €20 million. It was imperative that we got a solution in place that could not only help us achieve GDPR compliance but would also make it quick and easy for us to demonstrate that compliance at any point, on request. SureCloud’s GDPR Suite fit the bill.” Centralised data management Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system “We are now tracking and recording every single data request in a centralised way. With NCC’s support, SureCloud’s solution has brought a comprehensive clarity to our data processing that was impossible to achieve with manual spreadsheets. The system is so intuitive; it has helped us streamline multiple processes and undertake impact assessments that we couldn’t handle before.” Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system. All changes and requests are automatically tracked so that activity records and data audits can be produced at the click of a button. Should an incident like a suspected data breach occur, it is identified and reported immediately and automatically. The club’s data protection team can select which asset has been affected and immediately determine the severity of the incident and whether it needs to be reported to the ICO. Should it need to be escalated, the report is available instantly. Data processing, documentation and risk management Ian Garratt added: “The SureCloud GDPR Suite isn’t just a compliance tool; it’s a comprehensive management tool. We now have a continuous, real-time status of where we are and what we need to be doing in terms of data processing, documentation and risk management. It would have simply been impossible to achieve this manually. SureCloud has not only helped us to work towards GDPR compliance they have optimised our internal processes and positioned us strategically for the future.” In addition to deploying five applications within the GDPR suite, SureCloud is currently adapting its Incident Assessment tool to meet Everton FC’s specific requirements.
To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting. Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing a partnership ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel. Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilise great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open platform matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-on modules and intrinsic scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open access is key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalogue of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured business ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, key connector in physical security industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realised that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting the Scandinavian management model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold. Milestone partner ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open business world Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.
The Security Industry Association (SIA) has expressed strong support for MI HB 5828 and HB5830, two bills designed to improve school security across the state of Michigan. Michigan Legislation In a letter to Michigan House of Representatives Committee on Appropriations Chairwoman Laura Cox and Vice-Chair Rob VerHeulen, SIA CEO Don Erickson praised the bills’ creation of a comprehensive school plan and fund to enable local districts to procure security solutions to protect students from malicious perpetrators and update building code requirements to include security measures. “Sadly, our nation’s schools have increasingly become a soft target for mass violence – at Sandy Hook Elementary, recently at Stoneman Douglas High School and in many other attacks,” said Erickson. “We support holistic approaches to improving school safety and security in response to these tragedies – recognising there is no single action that can be taken that will, by itself, make our schools safe.” SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts Improving school security SIA represents about 900 security and life safety solutions providers – companies that develop, manufacture and integrate technologies that help keep people and property safe from hazards. These industry leaders strive to introduce robust security solutions integrated into our nation’s K–12 public schools, private academic institutions, colleges and universities. In addition to serving member organisations working to improve security in schools and other environments, SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts that developed threat- and income-based guidelines for schools housing grades K–12 to implement appropriate, layered security measures. These guidelines are available to help guide school investments. Additionally, PASS provides integrators with risk assessments and white papers that can be used when working with schools to evaluate and establish the best security protections for their buildings. SIA believes state assistance like that in the Michigan legislation is a start to addressing key security gaps in schools and is especially critical to high-risk school districts or those with limited budgets.
Keeping the food supply safe was not an issue for Furman Foods back in 1921, when John W. Furman canned 360 glass jars of tomatoes with his wife, Emma, and their six children. Just as food processing practices have evolved over time, so too has the nation’s approach to securing food processing facilities. Today, Furman Foods uses ID cards as the first step of a greater plan to enhance its plant security. Furman Foods is a family-owned business. By 1969, the company had sold a million cases of tomatoes and was complementing its tomato crop with beans, peppers and other vegetables sold under the Furmano’s name. The company’s roots are planted firmly in the soil of the Susquehanna River Valley of Pennsylvania. Despite this remote location, Frank Furman, Vice President of Quality, is ready to take the facility to the next level of security and quality. “The need is here,” he said. “Everything is coming together at once. Not only does security make good business sense, but it also is something we need to do for our customers.” Food safety and security While the company has focused on food safety for many years, the U.S. Food and Drug Administration’s (FDA’s) Bioterrorism Act of 2002 made security a top concern for food producers such as Furman’s. Title III of the act specifically addresses protecting the safety and security of food and drug supplies. In addition, because Furman Foods provides food for U.S. Department of Agriculture (USDA) food programs, it is subject to USDA security measures. Security isn’t new to the company. It began incorporating additional security measures shortly after September 2001. The well heads for the water supply are locked and checked daily, for example, and a third-party security service is on duty during off-hours. Delivery truck doors now must be sealed, the company’s computer systems have new access controls in them, and locks now adorn all bulk storage areas, such as those for corn sweeteners and vinegar, some of the most vulnerable areas in the company. An important part of the security system at Furman’s is a new ID card program Time and attendance tracking An important part of the security system at Furman’s is a new ID card program. “We needed to replace our time clocks,” said Mark Slear, Systems Administrator, “so we took advantage of the opportunity to introduce employee ID cards to track time and attendance.” “I wanted some kind of control so that people who don’t work here don’t get in,” Furman said, “Despite the fact that we are located in a rural area, we still were seeing people here who shouldn’t be here. We had to figure out some way to limit access.” In the past, the company had pre-printed, pre-numbered, bar coded cards for hourly employee access. Employees were assigned a number, but that was it. HID Fargo Printer/Encoder Slear and Furman selected the Fargo DTC550 Direct-to-Card Printer/Encoder with lamination capabilities from ID Wholesaler (www.idwholesaler.com), a Fargo Value-Added Retailer and the largest online reseller of photo ID products. “I looked around quite a bit,” said Slear, “and all of my research kept coming back to Fargo.” Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs" “We determined that Furman Foods needed a higher level of security than a basic photo ID card could offer,” said Shane Stark, Account Manager, ID Wholesaler. “The FDA keeps tight regulations on who has access to food processing areas. Along with using bar codes and magnetic encoding for security measures, Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs. This led us to lamination and a Mylar card, which offers greater durability.” Slear was also interested in the printer’s speed. “When we ramp up during the summer, we produce a year’s worth of product in three months,” he said. “We have to print a lot of ID cards quickly to accommodate our seasonal workers.” Security access cards Furman’s bought the Fargo printer in October, took employee pictures in November and began issuing new ID cards in January. The ID cards contain a full photo, and the program includes all employees, even the extra 300 that are hired during the July-to-October busy season. While tracking time and attendance with the ID cards was the company’s first concern, Slear and Furman were thinking ahead when they chose an ID card printer, knowing that security needs would be enhanced down the road. “We added a magnetic stripe and photo in preparation for future security,” said Slear. “We haven’t defined yet what else we might do, but much of it will be driven by FDA and USDA directives.” “We liked the fact that the DTC550 printer can print on proximity cards if we decide to upgrade our ID cards someday,” said Slear. Furman agreed. “Eventually, we will go to smart cards, especially for the room where our ingredients are mixed,” he said. “We need to limit this area to those who are designated to be there. They will have to swipe an ID card for access. We chose a printer that will allow us to upgrade the cards, knowing that sooner or later we’ll have to go further with security.” Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements" Comprehensive identification solutions “Everything has been going well,” Slear said. “The person printing the cards picked up on it quickly.” Slear gives high marks to ID Wholesaler for their customer service. “Every time I talk to Shane, I get the answers I need,” he said. “He also checks in from time to time, just to see how things are going.” “Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements and their budgets,” said Jennifer Clancy, Marketing Manager, ID Wholesaler. Currently there are three variations to the Furman’s ID cards: yellow background for employees, green background for visitors and blue background for vendors. “Certain vendors are allowed on site without an escort,” said Furman. “For instance, because we are a kosher facility, once a month a rabbi comes in to check our operations. He has his own vendor ID card and is pre-approved, so he can move throughout our facility unescorted.” Facility security One of our big concerns is having someone follow a carded employee into the plant Furman Foods prides itself on its strong values, its quality products, its sustainability and its food security. Yet Furman isn’t satisfied. “We are still not where we should be,” he said. “We have come a long way, but we have a long way to go. If I could wave a magic wand, we would have one entrance, where everybody has to enter and exit. This entrance would be secured by a card reader, so individuals would have to swipe an ID card to get in. One of our big concerns is having someone follow a carded employee into the plant. Restricted areas should require special access cards, and I’d like a fence around the entire facility, with a guard shack where everyone checks in and out,” he further added. Right now, there are multiple entrances for traffic. The facility is very spread out, and the road in front is a public road. Photo ID access card Yet, all agree that the ID cards are an important step on Furman Foods’ journey toward enhanced security. “A safe workplace is fundamental,” said Clancy. “Photo ID cards provide at-a-glance validation that the card wearer is authorised to be on the premises. This is especially important for food manufacturers.” “I tell our employees security is only going to get tighter,” Furman said. “More safeguards will be put in place. We are in the food business. If we don’t have safe foods, we don’t have jobs.”
Round table discussion
The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week’s Expert Panel Roundtable: How are standards shaping change in the physical security market?
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?