Qualification & Training
ISC East, in collaboration with premier sponsor, the Security Industry Association (SIA), reported strong growth results at the conclusion of this year’s industry event in New York City. The International Security Conference & Exposition is the Northeast’s largest security trade show, where close to 7,500 security and public safety professionals convened this month to meet experts from over 300 leading security brands, all the while co-locating with the launch of Unmanned Securit...
Hikvision’s PanoVu products are essential components of solutions in retail, hospitality, transportation and education Hikvision USA Inc., global supplier of security equipment and solutions, will provide training and demos of its multi-sensor camera technology at ISC East 2018, slated to take place at the Jacob Javits Center in New York City on Nov. 14 and 15. Product Showcase And Training Session Hikvision will exhibit from Booth 324 on the show floor on both the days. In addition to...
Last week, the Schedule 84 Suppliers Research Panel participated in reviewing the 2018 contracting year with the GSA Schedule 84 leadership team. Our panel group consists of experienced contractors and consultants meeting for a monthly conference call. Schedule 84 is the GSA Schedules Contract for Total Solutions for Law Enforcement, Security, Facilities Management, Fire and Rescue. Our opinions are part of a research program to provide valuable feedback to the GSA Schedule 84 program and on t...
Evolv Technology announced Evolv Edge, its people screening system that detects weapons and bombs, has achieved the U.S. Department of Homeland Security (DHS) SAFETY Act Designation. Following a rigorous application and due diligence process by DHS, the Evolv Edge is now a Qualified Anti-Terrorism Technology (QATT). As part of the Homeland Security Act of 2002, Congress enacted the Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act) to provide incentives for the developm...
Schools are continuing to upgrade security measures for pupil safety. However, on top of all the fundamental challenges schools face, implementing well-rounded and effective security solutions can seem a great difficulty. Andrew Shaw, architectural consultant for Allegion UK, discusses the advantages of electro-mechanical solutions. Schools can equate to some of the most complex security challenges for architects, specifiers and school officials alike. This is because choosing the right solutio...
DICE Corporation has announced that the company is launching a new Tech Security Summit that will combine the annual DICE User Group conference with exclusive training and educational resources for professionals in all sectors of the security industry. 2019 Tech Security Summit The inaugural event takes place April 29 through May 2, 2019 at the Sheraton Grand National Downtown in Nashville, TN. Event highlights include panel discussions with DICE representatives and industry experts, product d...
Bosch has expanded its professional services for integrators with the Boost Onsite Support offering available in North America. Designed to assist with the commissioning of large and complex installations, integrators selecting this service receive in-shop and/or on-site support from a Bosch technical expert as well as access to this specialist via email and phone throughout the duration of the project. Bosch Security, Safety And Communications Systems With this level of onsite support, installations are more efficient, and the integrator gains valuable experience that can be applied to future projects" The Bosch technical expert will provide review and guidance on the programming of Bosch security, safety and communications systems to ensure they are configured to meet the end user’s expectations and specifications. The expert will also advise the integrator on the best way to test the system, the functionality of the network, and any interfaces to products and systems from other manufacturers, as well as assist with end user training when needed. “With this level of onsite support, installations are more efficient, and the integrator gains valuable experience that can be applied to future projects,” said Eric Cechak, Vice President of After Sales Service in North America for Bosch. “Integrators that participated in our initial pilot program of the service have seen the requirement for additional phone-based technical support greatly reduced on projects where Boost Onsite Support was used. Their feedback verifies that having a Bosch expert provide guidance ensures up-front configuration is done correctly and any required adjustments are made efficiently. Overall, this service speeds installation time, reduces troubleshooting and call-back costs for the integrator, and improves end user satisfaction.” Boost Onsite Support Boost Onsite Support rounds out Bosch’s technical support offerings, which include a variety of solutions. In addition to support via phone, email and live chat, Bosch offers an online knowledgebase with technical solutions articles as well as YouTube channels featuring a wide range of video tutorials.
Viakoo, a provider of a proven means to proactively automate surveillance and access control system verification in the security industry, is demonstrating solutions to assist in proving and maintaining regulatory or organizational compliance at GSX 2018. The dynamic capabilities of this system help customers ensure – and prove – consistent compliance with physical security regulations across a wide range of applicable industries including: transportation, payment card processing (PCI), electrical distribution and many more. This solves a persistent challenge in these industries to help avoid the risk of fines or service interruptions. Cyber-Risk Management Working in conjunction with Coalfire, a cyber-risk management and compliance firm, the Viakoo Predictive product was found to fully or partially automate the audit process for 38 specific physical security controls. Using automated discovery and push-button reporting from Viakoo can save significant time during an audit, and can help avoid the risk of expensive penalties, recalls or other service interruptions as a result of failing an audit. Additionally, Viakoo sits on the TIA-942 Edge Data Center working group, providing a focus on physical security requirements and cyber hardening of data centers to the group. Viakoo provides the only patented solution available to prove data retention compliance. Viakoo offers the only proactive and automated solution assessed by forensic auditors from Coalfire for physical security controls" Physical Security Compliance Viakoo has joined with the Telecommunications Industry Association (TIA), which represents the global information and communications technology industry, to comprehensively and proactively participate in providing compliance solutions for protecting telecommunications facilities and products. “Viakoo offers the only proactive and automated solution assessed by forensic auditors from Coalfire for physical security controls,” said Bud Broomhead, CEO, Viakoo. “By working with Coalfire, and joining with the TIA, Viakoo continues to work with industry leaders to provide proactive, automated solutions for ensuring physical security compliance across industries.” Surveillance Systems Many organizations that employ surveillance systems are required by regulations, industry standards, or internal compliance standards to retain video evidence for a period (typically 30 to 90 days). Auditors for industry standards such as PCI, NERC, NIST, TIA-942, FedRAMP and others, are now required to confirm that organizations systematically retain video data for the required retention period in order to achieve compliance certification.
Dortronics, global manufacturer of electric locking hardware and controls for the security industry, announces the expansion of its lunch and learn course offerings by adding Building Industry Consulting Service International (BICSI) Continuing Education Credits. BICSI is a professional association supporting the advancement of the information and communications technology (ICT) community. ICT covers the spectrum of voice, data, electronic safety & security, project management, and audio and video technologies. These informative sessions provide designers, specifiers, and resellers the opportunity to explore and compare the various types of door hardware, interlocking systems and their applications. Topics include mantraps, sally ports and cleanroom/laboratory air locks, and their applications. Courses On Door And Access Control Solutions Dortronics continues to offer AIA and BICSI courses in a small and relaxed environmentThe lunch and learn sessions are accredited by the American Institute of Architects (AIA) as well as recognized by BICSI. Upon successful completion of each course, participants will receive one BICSI CEC and/or one AIA Learning Unit. These informative sessions provide users with detailed information on how door control solutions are designed, manufactured and implemented, and address both off-the-shelf and custom options available. Dortronics continues to offer AIA and BICSI courses in a small and relaxed environment. Two one-hour courses are currently available: Door Interlocks: Applications and system design reviews the various types of door interlocks, mantraps, sally ports and their applications as well as discusses the different types of interlock controls and the accessories required for a fully functional system. Electronic Locking Devices for access control systems reviews electrified door locking hardware and related components which interface with electronic access controllers to provide a complete security solution.
NTT Security, the specialized security company of NTT Group, has strengthened its UK management team with the appointment of Azeem Aleem to the position of Vice President Consulting and Head of its UK & Ireland (UK&I) business. Azeem is a highly respected cybersecurity specialist and joins following a six-year tenure at RSA Security, where most recently he held the role of Global Director and Head of its Worldwide Advanced Cyber Defense (ACD) Practice. Experienced Cybersecurity Expert “Azeem is a very experienced cybersecurity expert and leader with a strong global background and I am very glad to welcome him to NTT Security. He will strengthen our UK management team, but also contribute, based on his extensive experience, to the success of our EMEA organization,” says Kai Grunwitz, Senior Vice President EMEA at NTT Security. Azeem joins NTT Security with a strong track record in cybersecurity with over 15 years’ experience in cyber defense technologies, security operations, counter threat intelligence, data analytics and behavioral classification of the cybercriminal. Within the domain of organizational operations, Azeem has wide-ranging experience in managing P&L, driving operational excellence, change management and process re-engineering. Azeem has been at the forefront of architecting cyber resilience capabilities against Advanced Persistent Threats Cyber Threat Prevention Azeem has been at the forefront of architecting cyber resilience capabilities against Advanced Persistent Threats (APT) for some of the best financial, government and public sector organizations across Europe, the US, Asia and the Middle East. He has worked with both national and international law enforcement agencies around intelligence training, detection and investigation of cybercrime. As a subject matter expert, he has made frequent appearances on regional television and radio programs commenting on the increase of cyber threats that are affecting the security of our connected society. A published book author and academic criminologist, he has authored several periodicals on advanced security threats in peer reviewed journals and security magazines. He is an eminent plenary conference guest speaker both at national and international level.
Brivo, global innovator and designer of cloud-based physical security solutions for commercial buildings, announced its expansion into Europe with the opening of its Amsterdam office and the creation of a new subsidiary, Brivo Systems BV. The move highlights the increasing adoption of cloud-based physical security systems and the company’s growing partner and customer base in Europe. With sales, technical, and logistics operations located in Amsterdam, Brivo will now provide a full range of support services to its European customers. Brivo Systems BV We’re seeing growing demand for cloud-based access control solutions in Europe and felt this was a great time to expand our reach" “We’re seeing growing demand for cloud-based access control solutions in Europe and felt this was a great time to expand our reach,” explained Brivo’s President and CEO, Steve Van Till. “We’re really excited about the opportunities and our ability to provide local support resources for our European customers.” As part of this expansion program, Brivo has recently conducted commercial and technical training sessions in Amsterdam and London, with more planned for the future. “We have a great group of end-users and partners already established in Europe,” said Van Till. “It's a pleasure to see their enthusiasm for our solutions and passion for bringing our products to the European market.” Brivo Onair Cloud-Based Security Platform The Brivo Onair cloud-based security platform will offer all the same features in Europe as it does in the U.S, including integrated cloud video from Eagle Eye Networks. With customers in over 55 countries worldwide, Brivo has long had a solid customer base in Europe. The expansion of staff and offices will further drive Brivo’s ability to provide solutions for its customers around the world.
PerpetuityARC Training, part of Linx International Group, is proud to announce that associate trainer Paul Barker has been made a life member of ASIS International and life CPP. The accolade acknowledges Paul’s significant contribution to the international success of its Certified Protection Professional (CPP) qualification. In 1993 Paul became the third security professional in the UK to be awarded the CPP qualification, and two years later he was instrumental in expanding the course in the UK by enabling the exam to be taken outside the US for the first time. As an ASIS training officer, Paul delivered two courses a year, and in just three years CPP numbers in the UK rose to 94, resulting in Paul being presented with the inaugural Mervyn David Award by the UK Chapter of ASIS International. Comprehensive Learning Material Paul’s contribution to the training continues to be exemplary and we are proud to have him as an important part of the PerpetuityARC Training team" Today, ASIS International is the world’s largest association of security management professionals, and PerpetuityARC Training is proud to be a long-standing ASIS education partner. The company recently revealed that 98% of security professionals choosing its courses to train for their ASIS Physical Security Professional (PSP) and CPP qualifications in 2018 passed their exam at the first attempt. Paul Barker explains the reasons for PerpetuityARC Training’s success: “The courses are very well developed and are expertly delivered in a manner that enables learners to retain the volumes of data and apply it to the exam. The material is extremely comprehensive and ties in perfectly with the recommended reading for the exam.” Ciaran Barry, Director of Group Operations at Linx International Group, states: “Paul’s contribution to the training continues to be exemplary and we are proud to have him as an important part of the PerpetuityARC Training team. He continues a long tradition of teaching security professionals to the highest standards, helping them attain meaningful qualifications that advance their careers.” SME In Security Management For Oil And Gas Sector In addition to the ASIS training programmes, Paul also delivers the IQ Level 4 course ‘Managing Security Risks in the Oil and Gas Sector’ In addition to the ASIS training programs, Paul also delivers the IQ Level 4 course ‘Managing Security Risks in the Oil and Gas Sector’. This program is designed for professionals in the extraction, energy, exploration and production industries. Paul’s background in strategic security management at one of the world’s largest oil companies stands him in good stead as Linx International Group’s subject matter expert in this field. PerpetuityARC Training will be at booth 1484 at the Global Security Exchange (GSX) to showcase its pathways to the sought-after PSP and CPP qualifications that include intensive five and ten-day boot camps, online training programmes, and blended courses that combine distance learning with classroom sessions. Formerly known as the ASIS Annual Seminar and Exhibits, GSX takes place at the Las Vegas Convention Center from 23 - 27 September.
What a year it’s been! 2017 has been a monumental period of product innovation and growth for Pivot3. The company experienced a more-than-50-percent increase in bookings from Q2 to Q3 this year, including a record number of million-dollar orders. We also saw deals supporting multiple use cases more than double, and experienced continued growth in the video surveillance market, driven by new product enhancements and contracts worth more than $1 million. We have also invested in building an influential group of surveillance-focused experts internally, and increased our focus on building strong partnerships with major VMS players, key systems integrators and other aligned-technology providers, such as Iron Mountain and Lenovo. A More Robust Industry It wasn’t only Pivot3 that had a healthy year; the industry, as a whole, is robust. Investment in technology is growing in markets ranging from public sector organizations, municipalities, gaming and transit agencies — all seeking technology solutions that drive value, increase intelligence and reduce risk. It is the drive for data that propels the video surveillance industry forward. A respected industry thought leader said recently that “data is the modern currency,” and video is the most prominent Big Data application in the world (by far). Those vendors and installers that understand how to help organizations capture, analyze and leverage data will be the ones who secure their future in the marketplace. A respected industry thought leader said recently that “data is the modern currency" Honest Predictions Last year, I predicted that cybersecurity would become of greater importance to our market and that prediction was on point. Data security has become the number one concern in the industry, widely because users are moving back to more-trusted brands that focus on implementing cybersecurity protocols into network devices. In the coming year, cybersecurity will continue to be a primary focus — and it must be — for all product vendors, integrators and end-users. The adoption of standards and guidelines around data security for physical security technology will be imperative to ensuring data integrity. An Era Of Evolution Over the past year, deep learning and artificial intelligence have become some of the most quoted buzzwords. Organizations see the value in leveraging these trends to analyze data more efficiently, and because of recent market innovations, we see a real impact an analytics effectiveness. Additionally, we have seen more and more large organizations migrate more of their security function to the cloud. Today, private-cloud architecture is no longer novelty; it is expected, and despite some well-publicised breaches, the public cloud is now considered more secure than some traditional on-site solutions. Cloud-based systems will be deployed much more frequently across some market segments, from SMEs to larger enterprises The Year To Come As 2018 approaches, I expect to see many of these same trends accelerate even further. Cloud-based systems will be deployed much more frequently across some market segments, from SMEs to larger enterprises. AI will become more mainstream, and analytics solutions will become more advanced. Overall, we at Pivot3 look forward to another strong growth period and seeing the continued evolution of the market as we swing into another year.
The demand for security consultancy services has increased as recent terror events have highlighted the need for effective and proportionate mitigation measures. Security training has seen an increase in demand, especially for technical courses in the areas of access control and CCTV. Security management training has also risen, except in the oil and gas sector where demand dropped significantly; this is attributed to the suppressed oil price. However, recently there are signs indicating this trend has bottomed out and oil companies are beginning to invest once again in security management training. Security Ramifications Of Brexit Important trends developing in the last year include higher demands for training in cyber-security, and the facilities management market’s pushing to upskill in security disciplines in response to the heighten risk of terrorism. The Brexit situation is having an impact as companies seek to safeguard their international supply chains. For example, there is an increased demand for security advice on Authorized Economic Operator applications. Those businesses which ignore EU requirements, which include producing risk assessments, are at risk of legal restrictions in trading operations. The changing tactics of terrorists – for example, using vehicles as a weapon and marauding attacks – have demonstrated the need for flexible mitigation strategies. Educating Against Cybercrime Terrorism and cyber-related crime, often involving extortion, are amongst the leading issues looking ahead to 2018, with the C-suite continuing to place reputational risk as a top-three agenda item. The impact of lax security can be extreme, as evidenced recently via international media of many leading brands targeted by cyber criminals and terrorists. In the next year, we at The Linx International Group will continue to invest in increasing our eLearning programs portfolio, and are gearing to provide more consultants to meet higher demands overseas, particularly across EMEA and the Far East. What has emerged in 2017 is an increasing mandate from overseas for British-based security consultancy and training services, which are widely regarded as “best in class.” In 2017, there is an increasing mandate from overseas for British-based security consultancy and training services Winners And Losers The winners in the new year will be those companies that invest in quality training to produce increased skills sets in their people, appreciating such investment will increase outputs and ultimately customer confidence. The losers will be those security businesses, particularly in the guarding sector who resist investing in their people and rely on winning business based purely on price alone. We have seen a clear trend in corporates wanting multi-disciplined third-party contractors able to supply personnel with recognized industry qualifications, not just providing manpower at the cheapest possible price. Continuing Success Into The New Year The Linx International Group has had a successful 2017, increasing staff numbers to address double-digit increase in sales. Key achievements for the group have included: the design and creation of two new technical training centers in Dubai and Singapore, the creation of a new professional register for Certified Technical Security Professionals and the launch of a new Master’s Degree in International Security and Risk Managements (developed in conjunction with the University of South Wales). Building on these successes will be a challenge in 2018, as will keeping pace with the ever-rapid changes in technology. One thing is certain, the demand for security across most areas of life will increase – our biggest challenge will be to meet that demand.
A security awareness program is an educational process to help employees observe events or people through a “security lens” Organizations have a duty of care to protect their employees wherever they work. But in the increasingly complex world that we all live in, the ability to deliver a risk-commensurate and cost-efficient security program that adds real value to a business is extremely challenging, according to IFSEC International 2016 speaker Frank Cannon. He will be speaking on developing an employee security awareness program in the Security Management Theatre at IFSEC International in London on 23 June. Benefits And Challenges Of Security Awareness Programs SourceSecurity.com: In what ways does a good employee security awareness program add value to a business? Cannon: Simply put, it increases the number of people within an organization who behave appropriately to safeguard the workforce and protect its property. Through enhanced vigilance and informed awareness, the employees identify and report suspicious conditions or people at the earliest opportunity, so triggering a proportionate response by others. This early notification helps to minimize the negative consequence of crime and thus saves money. SourceSecurity.com: Why is implementing an employee security awareness program such a challenge? "The location, audience, timeavailable and importance of thesecurity message often dictatehow and when the securityawareness program is delivered" Cannon: To be effective, a security awareness program must have the support of senior executives and then resonate with the workforce. It is necessary to identify a series of key security messages that are consistent with the security risks, but that also echo the organization’s beliefs and vision statement. The pitch, tone and proportionality of the security message must complement the day-to-day working culture of the target audience. There is no one-size-fits-all program that can be used to create a security culture, but more there’s a need for a cognitive process that requires an informed approach to harness the views of numerous stakeholders. Once initiated, the program must adapt to the changing work environment and security risks. The challenge is convincing leaders to invest funds based on the likelihood that an undesirable event will have a negative impact on the business and/or convincing the workforce to change their behaviors to minimize the impact of such events. Logistics Of Security Awareness Training SourceSecurity.com: If all employees are effectively part of the wider security team, how do you distinguish between their roles and those of security professionals? Cannon: A “team” is a group of people with a common purpose; in this instance, the purpose is to safeguard all those within the team and to protect the property they use or own. Communication is the essence of good teamwork and by encouraging each and every member of the team to observe, listen and communicate, it allows others to take appropriate action to address any fears or concerns. Non-security professional members of staff become the “alarm” or information gatherers, leaving the security practitioners to respond or analyze and plan. SourceSecurity.com: What does a security awareness training program look like? Cannon: My belief is that “training” is a process to develop skills or practical ability, whereas “education” is the giving and receiving of knowledge or theoretical competence. A security awareness program is an educational process to help employees observe events or people through a “security lens” and help them recognize an abnormal situation that may place people or property at risk. Initial inductions, promotional courses, trade training, team meetings, periodicalworkshops and quarterly town halls all provide good platforms to engage workforces SourceSecurity.com: What are the main elements of such a program? Cannon: Prior to the development of a security awareness program, the security threats and associated risks against the organization, its workforce or its assets require assessment. You then have to create an integrated security program with a proportionate blend of physical, technical and procedural elements. The security procedures set out behavioral expectations for employees, so that a pre-determined outcome is achieved. Only then can an employee awareness program be developed to communicate with the workforce. A program consists of numerous methods (or tools) to communicate security expectations to active participants. These consist of key messages, each of which amplifies specific issues that, when put together, help to create a security culture. This isn’t a tangible asset or outcome but more a way routine business is carried out. Key messages are developed with the support of stakeholders and should complement an organization’s culture, beliefs and operating processes. SourceSecurity.com: What format does the training take (classroom/online/reminders/refreshers etc.)? Cannon: Security education is a continually evolving process that takes advantage of opportunities as they appear. Initial induction, promotional courses, trade training, team meetings, periodical workshops and quarterly town halls all provide good platforms to engage the workforce. "By encouraging each and everymember of the team to observe,listen and communicate, it allowsothers to take appropriate actionto address any fears or concerns" The location, audience, time available and importance of the security message often dictate how and when the security awareness program is delivered. This can range from regular (3 to 5 minute) “security moments” at the start of routine meetings, to a full day workshop involving larger audiences. A tradesperson with little access to a computer may benefit from a “toolbox talk” at the start of the day, whereas an office worker may learn more through an online e-package. For those with time – or for the more important security risks – a workshop or standalone meeting may be the most appropriate forum. Alternatively, a well-designed poster may successfully convey the simpler messages. The critical element of a security awareness program is that the message being communicated must be relevant, important and personal to each person. He or she must identify with the message and understand a personal benefit for changing an otherwise acceptable behavior to help increase the levels of protection for themselves, their colleagues or the property they are responsible for. Effective Physical And Cyber Security Awareness SourceSecurity.com: Does the security awareness program include information security as well as conventional physical security? Cannon: If the organization, its management or the security risk assessment identifies a cyber risk that requires employees to behave in a specific way, then information security can be included in the program. Anything that adds to the protection of personnel or assets can be included, including health and safety, environmental or community interaction. SourceSecurity.com: How can you measure the effectiveness of such a program? Cannon: This is challenging and is often why organizations tend not to invest in security awareness programs. I often say that the success of my program is when I have leaders or supervisors discussing personal safety or asset protection as part of routine business. An organization with an effective program (or security culture) has security as part of its operational planning process, listed within job descriptions and part of its meeting agenda items. Success is when employees are routinely reporting suspicious people or events, where employees are willing to participate in workshops or practice drills, where they change their behaviors based on advice received and where they seek out security awareness materials for use within their own teams. The ultimate goal is to have an incident- and injury-free working environment so that the incident statistics support a downwards trend. The security risk level can change overnight, however, so incident trends are not always a true reflection on the success of a security awareness program.
Cybersecurity talk currently dominates many events in the physical security industry. And it’s about time, given that we are all playing catch-up in a scary cybersecurity environment where threats are constant and constantly evolving. I heard an interesting discussion about cybersecurity recently among consultants attending MercTech4, a conference in Miami hosted by Mercury Security and its OEM partners. The broad-ranging discussion touched on multiple aspects of cybersecurity, including the various roles of end user IT departments, consultants, and integrators. Factors such as training, standardisation and pricing were also addressed as they relate to cybersecurity. Following are some edited excerpts from that discussion. The Role Of The IT Department Pierre Bourgeix of ESI Convergent: Most enterprises usually have the information technology (IT) department at the table [for physical security discussions], and cybersecurity is a component of IT. The main concern for them is how any security product will impact the network environment. The first thing they will say, is “we have to ensure that there is network segmentation to prevent any potential viruses or threats or breaches from coming in.” The main concern for IT departments is how any security product will impact the network environment” They want to make sure that any devices in the environment are secure. Segmentation is good, but it isn’t an end-all. There is no buffer that can be created; these air gaps don’t exist. Cyber is involved in a defensive matter, in terms of what they have to do to protect that environment. IT is more worried about the infrastructure. The Role Of Consultants And Specifiers Phil Santore of DVS, division of Ross & Baruzzini: As consultants and engineers, we work with some major banks. They tell us if you bring a new product to the table, it will take two to three months before they will onboard the product, because they will run it through [cybersecurity testing] in their own IT departments. If it’s a large bank, they have an IT team, and there will never be anything we [as consultants] can tell them that they don’t already know. But we all have clients that are not large; they’re museums, or small corporations, or mom-and-pop shops. They may not be as vulnerable from the international threat, but there are still local things they have to be concerned about. It falls on us as consultants to let them know what their problems are. Their IT departments may not be that savvy. We need to at least make them aware and start there. Wael Lahoud of Goldmark Security Consulting: We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels. At the procurement stage, we as consultants must select and specify products that have technology to enable cybersecurity, and not choose products that are outdated or incompatible with cybersecurity controls. We also see, from an access control perspective, a need to address weaknesses in databases. Specifying and having integrators that can harden the databases, not just the network itself, can help. The impact of physical security products on the network environment was a dominant topic at the MercTech4 consultants roundtable discussion The Need For Standards On Cybersecurity Jim Elder of Secured Design: I’d like to know what standards we as specifiers can invoke that will help us ensure that the integrator of record has the credentials, knows what standards apply, and knows how to make sure those standards are maintained in the system. I’m a generalist, and cybersecurity scares the hell out of me.We’re not just talking about access to cameras, we are talking about access to the corporate network and all the bad things that can happen with that. My emphasis would be on standards and compliance with standards in the equipment and technology that is used, and the way it is put in. It can be easier for me, looking at some key points, to be able to determine if the system has been installed in accordance. We are seeing more and more organizations having cybersecurity programs in place, at different maturity levels"I’m taking the position of the enforcement officer, rather than the dictator. It would be much better if there were focused standards that I could put into the specification— I know there are some – that would dictate the processes, not just of manufacturing, but of installation of the product, and the tests you should run accordingly. Pierre Bourgeix: With the Security Industry Association (SIA), we are working right now on a standard that includes analyzed scoring on the IT and physical side to identify a technology score, a compliance score, a methodology, and best-of-breed recommendation. Vendor validation would be used to ensure they follow the same process. We have created the model, and we will see what we can do to make it work. Terry Robinette of Sextant: If a standard can be written and it’s a reasonable process, I like the idea of the equipment meeting some standardized format or be able to show that it can withstand the same type of cyber-attack a network switch can withstand. We may not be reinventing the wheel. IT is the most standardized industry you will ever see, and security is the least standardized. But they’re merging. And that will drive standardization. Jim Elder: I look to Underwriters Laboratory (UL) for a lot of standards. Does the product get that label? I am interested in being able to look at a box on the wall and say, “That meets the standard.” Or some kind of list with check-boxes; if all the boxes are checked I can walk out and know I have good cybersecurity threat management.IT is the most standardised industry you will ever see, and security is the least standardised" The Role Of Training Phil Santore: Before you do any cybersecurity training, you would need to set the level of cybersecurity you are trying to achieve. There are multiple levels from zero to a completely closed network. Wael Lahoud: From an integrator’s perspective, cybersecurity training by the manufacturer of product features would be the place to start – understanding how to partner the database, and the encryption features. We see integrators that know these features are available – they tick the boxes – but they don’t understand what they mean. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organization. That would be a good starting point. The Role Of Integrators Wael Lahoud: Integrators like convenience; less time means more money. So, we see some integrators cut corners. I think it is our role (as consultants) to make sure corners are not cut. If you rely solely on integrators, it will always be the weak password, the bypass. We have seen it from small projects to large government installations. It’s the same again and again. Even having an internal standard within an organization, there may be no one overseeing that and double-checking. Tools will help, but we are not there at this point. I will leave it up to manufacturers to provide the tools to make it easy for consultants to check, and easier for integrators to use the controls. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organization - so training is very important The Impact of Pricing Pierre Bourgeix: The race to the cheapest price is a big problem. We have well-intended designs and assessments that define best-of-breed and evaluate what would be necessary to do what the client needs. But once we get to the final point of that being implemented, the customer typically goes to the lowest price – the lowest bidder. That’s the biggest issue. You get what you pay for at the end of the day. With standards, we are trying to get to the point that people realise that not all products are made the same, not all integrators do the same work. We hope that through education of the end user, they can realise that if they change the design, they have to accept the liability.It’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it" The big picture Wael Lahoud: The Windows platform has a lot of vulnerabilities, but we’re still using it, even in banks. So, it’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it. That’s where the cybersecurity program comes into play. There are many vulnerable products in the market, and it’s up to professionals to properly secure these products and to design systems and reduce the risk. Pierre Bourgeix: The access port to get to data is what hackers are looking for. The weakest link is where they go. They want to penetrate through access control to get to databases. The golden ring is the data source, so they can get credentialing, so they can gain access to your active directory, which then gives them permissions to get into your “admin.” Once we get into “admin,” we get to the source of the information. It has nothing to do with gaining access to a door, it has everything to do with data. And that’s happening all the time.
To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting. Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing A Partnership Ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel. Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilize great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open Platform Matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-On Modules and Intrinsic Scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total Integrated Solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open Access Is Key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalog of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured Business Ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video Enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting Connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, Key Connector In Physical Security Industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realized that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting The Scandinavian Management Model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold. Milestone Partner Ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open Business World Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.
The potential for catastrophic injury in the petrochemical industry makes safety training and credentialing of employees imperative. Coordinating this process for a variety of industries, including many in the petrochemical fields of southern Alabama, is Training Solutions for Construction and Industry (TSCI). The mission of TSCI is to promote and facilitate workforce development ‘by providing industry-recognized training with portable credentials to create a diverse, trained and sustainable workforce’. TSCI provides computer-based and instructor-led training developed by the Association of Reciprocal Safety Councils (ARSC) and based on requirements from the Occupational Safety and Health Act (OSHA) and the U.S. Department of Homeland Security. Within one day, a person can gain all of his or her required training for a year, and it will be accredited. ID Cards With Encoded Results Workers who successfully complete a TSCI safety orientation receive a tamper-proof ID card, encoded with the results of his or her training. “ID cards give students a record of their training and eventual access to a plant,” said Jack Fecas, Operations Manager, TSCI. The card is valid for one year. If other safety or specialized training is completed during that year, the card is encoded with the additional credentials. All member plants of TSCI and ARSC member organizations recognize and accept the ID card. Workers look to TSCI for training in such areas as fire safety, process safety management, confined space entry, respiratory protection, hazardous energy, basic first aid and CPR, scissor lift, scaffolding, excavation and trenching, elevated work surfaces, electrical safety and disaster site safety. The Office of Homeland Security also can set criteria for credentialing, such as asking for drug screen results. Site-Specific And Fire Safety Training TSCI provides site-specific training, which might include a focus on fires or explosions at a refinery or dust-particle respiratory safety at a mill In addition to its basic orientation training programs, TSCI provides site-specific training, which might include a focus on fires or explosions at a refinery or dust-particle respiratory safety at a mill. “Some companies using dangerous materials have wind socks to indicate which direction the wind is blowing, telling employees which exit route is safe for use at that time,” said Fecas. “This kind of training needs to be site-specific.” Other site-specific training might include basic alarm system safety, teaching employees what to do when they hear a constant alarm versus what they might do if they hear several short bursts of an alarm. About 1,500 workers take the basic orientation program from TSCI every year, and the numbers are growing. With only one printer, clearly more capacity was needed. Fargo’s DTC550 Printer/Encoder Fecas knew that his organization needed more capacity in order to handle the increasing volume, so he began looking for an additional printer – one that was fast, yet reliable. He needed barcode technology and a printer that could encode new data as workers took additional classes. TSCI found all of the requirements it was seeking in Fargo’s DTC550 Direct-to-Card printer/encoder from ID Wholesaler. Not surprisingly, the security offered by the DTC550 was a primary selling point for Fecas. In addition to being recommended by other ARSC Safety Councils, it just made good business sense. TSCI chose a standard holographic overlaminate available with the DTC550, which improves the card’s durability and reduces the risk of counterfeiting. More than 80 percent of training occurs at the TSCI offices, according to Fecas, but it also can take place at a plant site. With the new DTC550 able to handle the increasing demand at TSCI, the old printer will be used for remote training, thus increasing TSCI’s ability to meet the needs of its customers. Workspace Security The common curriculum of our safety training levels the playing field, so when workers leave TSCI they can recognize the hazards in the worksite and protect themselves and their co-workers" “The common curriculum of our safety training levels the playing field, so when workers leave TSCI they can recognize the hazards in the worksite and protect themselves and their co-workers,” Fecas added. “They still have information to learn at the plant, but they are ready to go to work.” “We have had ID cards since we began in 1995,” he said, “but with the early cards, there was much more hand-work. Our operator had to add a photo by hand and then wait for the laminating machine to heat up before the card could be laminated. The evolution has been very interesting. In addition, we have been very pleased with the service provided by the Fargo printer and by ID Wholesaler. I can pick up the phone or send an e-mail, and a representative is available for assistance.” Most Secure System “We recommended the DTC550 printer because it is very reliable and has more than one holographic laminate choice,” said Jeff Gunhus, ID Wholesaler Sales Team Leader. “TSCI originally bought just the printer and had to wait until its next budget cycle to purchase the lamination unit. They liked the fact that the Fargo printer had an upgrade path. It is important to listen to our clients’ wants, needs and concerns,” Gunhus added. “Then we simply do our best to help them out.” “If a company is going to do business nowadays, it needs to be secure,” adds Fecas. “Our business relies on plants and regulatory agencies trusting what we do. We need to be on the cutting edge when it comes to information technology. The best system is the most secure system. We made a decision to go with what has been tried and true and working in industry now.”
Government regulations continue to step up security demands at federal agencies, requiring identity cards to support multiple identity assurance factors and be validated at entries into a building or location. Because of the cost and infrastructure that goes along with many security upgrades, federal agencies must wait months or, in many cases, years to implement changes. The Federal Aviation Administration—an operating mode of the U.S. Department of Transportation—is no different. The FAA is tasked with the colossal mission of regulating and overseeing all aspects of civil aviation in the United States. With offices around the world, including its headquarters in Washington, D.C., the FAA has a large number of employees and buildings to oversee. With so many people coming into and out of the buildings each day, it is particularly important that security personnel have reliable tools to validate employee credentials Need Of Tools For Validating Employee Credentials As part of its security requirements, the FAA must validate Personal Identity Verification (PIV) cards at checkpoints within its facilities. With so many people coming into and out of the buildings each day, it is particularly important that security personnel have reliable tools to validate employee credentials. As recently as a year ago, FAA security personnel were conducting visual inspection of PIV cards at the gates into facilities that did not have PIV card readers. They had no way of telling if the card was authentic, revoked, or if the employee had access rights to a checkpoint at a particular time. At the FAA headquarters, which employs just under 6,000 permanent employees, and another FAA facility, the Minneapolis Air Route Traffic Control Center, which is the organization’s 11th busiest airport traffic control tower, visual verification just wasn’t enough. Automating The Verification Process In order to comply with HSPD-12 and the Office of Management and Budget (OMB) Memorandum 11-11, the FAA needed a process beyond visual verification that allowed security personnel to quickly check the authenticity and revocation status of a card, as well as access rights to a particular area of the facility. With as many as 5,000 people coming into the FAA headquarters facility daily, the organization’s primary goal was to automate the verification process. “The project needed to provide guards the ability to validate PIV cards at FAA facilities where the gates did not have PIV card readers,” said Craig Auguston, HSPD-12 Program Manager at the Federal Aviation Administration. “We also wanted a mobile solution for backup and for roaming guards to be able to validate secure areas, such as parking garages.” Codebench’s OMNICheck Plus Software OMNICheck Plus was ultimately decided upon because it is integrated with many physical access control systems including the P2000 The FAA began looking at products that could not only meet its requirements for mobile validation, but also integrate seamlessly with its P2000 security management database from Johnson Controls (JCI), according to Auguston. “This upgrade was important to meet the FAA’s requirement to validate PIV cards at all check points,” Auguston said. The FAA’s former process of visual verification was not allowing security guards to check the status of a PIV card, such as revocation status and specific access rights, both of which the organization needed to meet its security goals. After testing a couple of mobile software validation programs, the organization chose OMNICheck Plus software from Codebench, a HID Global Company. OMNICheck Plus was ultimately decided upon because it is integrated with many physical access control systems including the P2000, and it is listed on the GSA’s FIPS 201 Approved Products List as a CAK authentication system when running on an ARM-based mobile device such as the DAP CE3240B, which both FAA facilities use. Giving Mobile Access To The Security Guards “They really needed something that was going to allow their security guards to be mobile in certain parts of a facility,” said Botio Mandov of Johnson Controls. Johnson Controls, the integrator for the project, helped the FAA implement a larger security upgrade, which included the security management database and mobile validation software. Together, the FAA’s mobile DAP devices and OMNICheck Plus software enabled roaming security guards to use the mobile handheld devices in FAA parking garages and other entry points that needed to be secured, but do not have stationary PIV card readers. One of the most important aspects of authentication software for the FAA was the ability to check an employee’s access rights directly on the mobile card readers Checking Access Rights On Mobile Card Readers In addition to mobility, one of the most important aspects of authentication software for the FAA was the ability to check an employee’s access rights directly on the mobile card readers—something only their organization’s P2000 physical access control system could do previously. With an OMNICheck module called Data Import, certain cardholder information housed in the FAA’s P2000 database, such as access rights, was pushed down into the DAP mobile devices used by security personnel. “Access rights allow FAA security guards to make sure employees’ cards are not only valid, but that they are allowed to be in a certain area at a certain time,” Mandov said. In addition, FAA security administrators can run audit reports that show which cards were checked and when. The implementation took about five months, including testing the interface with the access control system and coming up with a training guide for the security guards, according to Auguston. The FAA is currently using 31 DAP CE3240B mobile readers with OMNICheck Plus. Saving Money By Eliminating Physical Parking Passes Prior to the OMNICheck Plus installation, FAA security personnel had an unreliable way of authenticating PIV cards and access rights. Now, security personnel are able to verify digital certificates, revocation status and access rights, all while having an audit trail of the cards checked in the system. An additional, unexpected benefit for the FAA has been the cost savings of eliminating physical parking passes at its two facilities. “We are able to positively identify cardholders’ status when they try to enter the facility. We were able to save money by eliminating the physical parking pass by using OMNICheck to validate cardholder’s status for parking in FAA-controlled facilities,” Auguston explained.
The Sinan Erdem Dome is the largest multi-purpose indoor venue in Turkey. Located in Istanbul, the dome has a seating capacity of up to 22,500, and hosts a number of events, including concerts, tennis matches, and basketball games. Strengthening Stadium Security Upon being chosen to host a number of games during the European Basketball Championships 2017, the chief European men’s international basketball competition held biannually, the Sinan Erdem Dome looked to strengthen their security system. The dome’s large-scale presented high-surveillance requirements such as support for 64 split-screens, hundreds of cameras, and a back-end storage and management infrastructure that could support the entire system. Dahua provided the dome with a complete, high-end monitoring system that included a total of over 600 IP, speed dome, and ANPR cameras on the front-end, and NVRs, video walls, video matrix devices, and related control accessories on the back-end. Smart Detection Technologies The dome’s surveillance system was constructed with the latest cutting-edge technology To better protect the stadium from a variety of threats, the solution employed a number of smart detection technologies such as intelligent analysis, which includes motion detection, tripwire, intrusion, and smart-tracking functionality. ANPR was also utilised, which recognises license plates numbers and checks them against a central whitelist and blacklist. Plate records are also stored on NVR devices and can be searched through by security officers. In less than a week, the local team completed installation, testing, and customer training, and the dome was fully ready to securely host international sporting events. Protecting All Corners In under a week, the dome’s surveillance system was constructed with the latest cutting-edge technology, increasing its appeal to international events seeking venues. Dahua smart technologies automated a great number of surveillance operations, such as automatic car-barrier operation enabled by ANPR camera integration, thus greatly reducing the strain on security workers. Every corner of the stadium was covered by Dahua cameras providing high definition video, ensuring zero blind spots and optimal detail collection. In addition, Dahua showcased its customer-centric philosophy through supplying high-quality customization, technical support, operation training, and after-sales service, which guaranteed the expertise of system operators as well as long-term reliability and quick issue resolution.