ASIS aug15_ASIS_RiskUK_may15 07/08/2015 11:21 Page 1
INTERNATIONAL
TM
Newsletter
UNITED KINGDOM CHAPTER 208
AUTUMN 2015
ASIS NEWSLETTER OF THE YEAR – WINNER 2013, 2012, 2008 & 2003 – HONOURABLE MENTION 2011, 2006.
The New World of Converged Security —Dave Tyson CPP Security risks and vulnerabilities have changed, and security departments develop new strategies and tactics.
enable you to plug these devices into an IP network — which is vulnerable to hackers.
Today, a criminal gang thousands of miles away from your company’s offices can travel over the Internet, break into your building, steal intellectual property, turn off your surveillance cameras and unlock a door protected by an access control system.
What You Need From Equipment Vendors
When you discover the plundered databases and the unlocked door, you might think the thief broke in by defeating your physical security systems and waste your time trying to strengthen those, when you should be strengthening your IT security systems. Of course, it works the other way, too. A thief can break into your building and IT department and carry off a couple of servers with the personal information of thousands of your customers. The point is, security threats and vulnerabilities have converged. Weaknesses in physical security technology put your IT data at risk just like weaknesses in IT security put your plant’s physical plant at risk. How has this happened? Advancing technology has improved cameras, access control systems, alarms and other physical security technology with many new features and capabilities, including IP features that
A handful of physical security equipment vendors have focused on the problems created by this IP migration — but only a handful. Security directors can find those vendors by specifying that their products must be secured from an IT-side attack. Some vendors do provide inherently secure products or at least provide the software applications and hardware that you can use to secure the products yourself. You must also require vendors to provide a plan for configuring the security software and operating systems, server hardware and the protection systems for those tools. If the configuration is weak, hackers and criminals will find ways to get into the equipment. From there, they can break into your building and your firm’s IT system. continued page 14
ASIS UK Police Liaison receives OBE ASIS UK Police Liaison committee member Richard Stones CSyP has been awarded an OBE in the 2015 Birthday Honours for services to police and business. Richard was the first serving Police Officer worldwide to be awarded Chartered Security Professional status (CSyP) back in 2011 and is also a Fellow of the Security Institute and a Freeman of the Worshipful Company of Security Professionals. On receiving the award Richard said, “it’s great to be recognised in this way. I was shocked when I received the letter and initially thought it was a wind-up. I hope it will
help raise the profile of ASIS particularly in policing circles where a closer collaboration with business and industry standard would help us all.” ASIS UK Chapter Chairman Andy Williams CPP said on hearing the news “With the Police service in the UK being subject to further budget reductions, the pressure on nonfront line departments to reduce expenditure whilst improving efficiency is huge. In that context, it is particularly gratifying to see work that Richard has undertaken being rewarded in this way. As a former Police Officer myself, I am especially proud to have Richard working as part of the ASIS UK team in his Police Liaison role.” Richard, Staff Officer to the National Policing Lead for business crime reduction, holds an MSc in Security and Risk Management and is a Visiting Fellow at Derby University.