ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 1
INTERNATIONAL
TM
Newsletter
UNITED KINGDOM CHAPTER 208
WINTER 2014
ASIS NEWSLETTER OF THE YEAR – WINNER 2013, 2012, 2008 & 2003 – HONOURABLE MENTION 2011, 2006.
60th Annual Seminar and Exhibition Barry Vincent CPP Karen Gill, who had been on the same flight from London, for introducing me to some of the ASIS ‘dignitaries’. However, it was not long before Rupert Reid and I were bumping into old friends amongst the whales, sharks and multi-coloured sea creatures on display. It was a pleasant surprise to meet with members from ASIS Chapters across the world, including a number of my former students from Uganda, Nigeria and Saudi Arabia.
I have recently returned from the ASIS International 60th Annual Seminar and Exhibition held at the World Congress Centre in Atlanta, Georgia between September 29th and October 2nd. As with many events in the United States this was a major production and the ASIS organisers are to be congratulated in organising an event on this scale attracting 20,000 attendees and many hundreds of exhibitors. Alongside the exhibition there was a full programme over the three days of educational and networking events led by quality speakers, including former US Secretary of State, Colin Powell and our own Martin Gill. Arriving on Sunday my first task was to navigate the massive geography of the World Congress Centre, comprising three huge buildings and multiple floors, in order to find the pitch to set up the TheSMA booth in the vast exhibition hall – think IFSEC and multiply by two. It was fortunate that we were located close to the ASIS stand with its prominent banner which helped to direct us to the booth site. The exhibition hall resembled what I imagine an explosion in an IKEA showroom might look like with partly assembled furniture and packaging strewn everywhere. What a transformation on Monday morning with all the booths assembled and adorned with the exhibitors merchandising material and technology. The exhibition was populated by the usual array of providers of CCTV, alarm systems and guarding companies, but also some niche software providers and those identifying commercial applications for technology originated for military operations. On Sunday evening Richard Widup, ASIS President for 2014 and his wife, hosted a well attended reception in the Atlanta Aquarium, a slightly surreal location for a networking event. I was grateful to Martin and
With a regular footfall to the TheSMA booth, aided by the presence of some friendly and attractive sniffer dogs directly opposite, the three days passed quickly and it was soon time to pack up to return home.
Although not able to participate in the education sessions, feedback from those who had was very positive, and overall the sessions adequately reflected the current and emerging security threats and the ongoing challenges to address them. For TheSMA, we were pleased to be able to exhibit our quality British security management training products, and welcomed the opportunity to meet with some of the ASIS Headquarters team, and were encouraged by our discussions with some of the US Chapter leads and others who expressed keen interest in our training products. On reflection, attending the Seminar served as a useful reminder that as ASIS members we are all part of a global fellowship of participants and hopefully contributors to a dynamic and continually evolving security industry with a major role to play in protecting our organisations and our society. Barry Vincent CPP PCI is an independent security consultant and senior trainer for TheSMA Ltd.
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 2
CHAIRMAN’S NOTES
Vice Chairmen’s notes Mike Hurst
As we approach the year end and the Chapter AGM and Winter Seminar on December 11th it’s perhaps worth looking at what we have achieved, so far, in 2014. Launch of new Victim Support awareness initiative Facilitated Project Griffin initiative in France and the Netherlands via ASIS European Chapters Free CPE Days for CPPs, PSPs, PCIs and CSyPs supported by CPE Partner, Axis Communications Engagement with Police and government bodies Established and enhanced strategic partnerships with other industry bodies eg. SAMI/IHSM/London First/CSARN We have re-launched the Women in Security programme, thanks to Dawn Holmes CPP, Appointed a Chapter Technology Lead, Dr Vibhor Gupta and a Hotel Sector Lead, Darren Carter. Exhibition stands at Security TWENTY 14 (x3) Total Security Summit (x2) Counter Terror Expo Transport Security Expo World Cities Conference National Association of Healthcare Security Conference (inc. a speaking slot) IFSEC (including a joint VIP networking lunch) Represented at /attended BRC Retail Crime Conference ASIS CSO Roundtable / SASIG event ASIS European Advisory Council (The Hague and Frankfurt) ASIS European Conference Programme Committee (Frankfurt) MISTI CSO Summit and Roundtable (inc. place on a panel) Numerous Industry and Parliament Trust events SRA (Security Regulation Alliance) Chartered Security Professional Regulation Authority Participated in CSSC Joint Security Associations Fundraising Event (raising £16,000 for two charities) Supplied judges at Security Excellence Awards & Women in Security Awards
2
WINTER
2014
Graham Bassett
Press Monthly article in Risk UK Magazine Regular ASIS column in Security News Desk Coverage in Professional Security Magazine ASIS piece in LP EU magazine (quarterly) Regular ASIS feature in City Security Magazine We are also extremely grateful for the support of our sponsors and exhibitors. Without them we would not be able to keep the price of events at their current levels, put on the free events we have, run the chapter office or indeed publish this newsletter. So massive thanks go to Axis Communications Frontline Security Solutions Nedap Security ARC Bold Communications BSI CIS Security Counter Terror Expo Esoteric ISMI Lenel QCC Quantum Secure (from 2015) Securitas Tavcom Training THESMA VSG Wilson James Others will be announced soon. We also have exciting educational, charity and other plans for 2015 including our first Northern Conference (organised by Dr Peter Speight CSyP) on the 9th April 2015 which will be hosted at Leeds University. Oh! Did we mention the 130 new and returning chapter members? This will have increased by the end of the year. Onwards and upwards! Mike Hurst & Graham Bassett
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 3
CALENDAR
Calendar Events November 14 13th 14th December 14 2nd–3rd 7th–9th 11th 16th February 15 15th–17th March 15 12th March 16th–17th 28th–31st April 15 9th 21st–22nd 22nd–23rd
Security Institute Remembrance Event National Association of Healthcare Security Conference Transport Security Expo ASIS 8th Asia-Pacific Security Forum & Exhibition, Singapore ASIS UK Winter Seminar and AGM Security Institute Curry Night
ASIS 6th Middle East Security Conference & Exhibition, Dubai ASIS UK Spring Seminar Total Security Summit, Stanstead ASIS 14th European Security Conference & Exhibition, Frankfurt ASIS UK Northern Seminar, Leeds Counter Terror Expo ASIS 25th New York City Security Conference & Expo
June 15 16th June 16th–18th
ASIS UK Summer Seminar IFSEC
July 15 7th
Security IT Summit, London
September 15 TBC 28th–31st December 15 TBC
ASIS UK Autumn Seminar 61st Annual Seminar and Exhibits, Anaheim, California ASIS UK Winter Seminar and AGM
ASIS Christmas Quiz Our Technology partners Frontline Security Solutions are offering an ASIS member a chance to win a great prize in this Winter’s edition of the Newsletter: Sony Action Cam HDR-AS30V 11.9mp Waterproof camcorder, rrp £180.00. Simply answer the following questions and send your reply subject ASIS WINTER QUIZ to andy_coles@fsslimited.com winner will be drawn from the winning entries and announced prior to 24th Dec. Please include your ASIS Membership number as well. 1. In what country did the Christmas tree originate? 2. Where was the original Santa Claus born? 3. What country did Poinsettias originate in? 4. When exactly is 12th night? 5. To the nearest 5, currently how many members are there in the UK chapter of ASIS?
www.asis.org.uk
INSIDE THIS ISSUE: Chairman’s Notes
2
Diary
3
Project Griffin in Europe
4
Servator
6
Victims of Crime
8
ASIS Foundation
9
Offenders
10
New Members
11
CPP Coach Inn
12
Fundraising
13
Compliance
14
ESSENTIAL INFORMATION JOINT EDITOR – Helene Carlsson (07802 864485). helene.carlsson@btinternet.com JOINT EDITOR – Mike Hurst (0845 644 6893) mike@hja.co.uk ADVERTISING – Graham Bassett (07961 123763); graham@gbruk.com Chapter Executive Officer – Jude Awdry, ASIS UK Chapter 208, PO Box 208, Princes Risborough, HP27 0YR. Tel: 01494 488599; Fax: 01494 488590; info@asis.org.uk MEMBERSHIP ENQUIRIES – Nigel Flower, CPP (01276 684709 nigelflower@msn.com) PUBLISHERS – The 208 Newsletter is published by Chapter 208 of ASIS International. FREQUENCY – The 208 Newsletter is published four times per year, Spring, Summer, Autumn & Winter – please contact the editorial team for deadlines. IN GENERAL – The 208 Newsletter welcomes articles & photographs, but while every care is taken, cannot be held responsible for any loss or damage incurred while in transit or in our possession. Please send all material to the editors. The Newsletter may publish articles in which the views expressed by the author(s) are not necessarily those of ASIS. ISSN N0 – 1350-4045
WINTER
2014
3
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 4
PROJECT GRIFFIN IN EUROPE
Project Griffin in Europe France
Netherlands
Recently Graham Bassett, ASIS Vice Chairman (and Chairman of Project Griffin London Board) along with ASIS colleague, Don Randall MBE (Chair, Project Griffin Executive Board) and Ian Mansfield MBE (CoLP) hosted a French delegation at the Bank of England.
A few weeks after the meeting and talks with our guests from France, Lucien Stopler from the Netherlands was also hosted at the Bank of England to discuss the potential of a pilot scheme in the Netherlands. Lucien works closely with the Dutch Government, Police Force and business community to facilitate closer links and co-operation.
Nicholas Le Saux CPP (ASIS Regional Vice President) instigated this visit to explore the potential benefits and opportunities that Project Griffin can bring to a City/Community. The talks were deemed a resounding success with a future visit planned early 2015 to progress a pilot scheme in Paris. Below (L-R) are Don Randall, Ian Mansfield, Thierry Coudert (Prefet, Head of Security Partnerships Ministry of Interior), Eric Davon (ASIS Chapter Chairman France), Graham Bassett, Stephanie Bergouignan CPP (Chapter Secretary and WIS representative, France) and Pascal Hurtault (Colonel, Project Director, Security Partnerships, Ministry of Interior).
Lucien also attended the City of London Police Project Griffin Awareness Day at Wood Street and spent time with Alex Williams (CoLP) visiting Griffin sites in the City. A successful couple of days and we look forward to supporting the next stage of development for a pilot scheme in the Netherlands. Below (L-R) Alex Williams (CoLP), Graham Bassett, Don Randall and Lucien Stopler.
in the room at Westminster that evening made him feel very welcome although the canapĂŠs were apparently not what he had expected. Never one to miss a networking opportunity Graham exchanged details with numerous dignitaries and promoted the ASIS International values. We look forward to working closely with the Addis Ababa Chapter once it has been established.
Mike Hurst and Graham Bassett at the Industry and Parliament Trust AGM with ASIS UK Patron Baroness Angela Harris. Graham also attended the IPT Diplomacy Reception on 13th October, which given that the reception was on the 20th proved not to be his best decision. However the Ethiopian Trade Delegation who were
4
WINTER
2014
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 5
GROWTH
Using Jaguar and James Bond to create jobs and growth – the key to national security” Allison Wylde Report from the Industry and Parliament Trust’s Commercial Diplomacy Reception, Westminster Hall, in the House of Commons Allison Wylde FRGS DIC (Imperial) - ASIS International Commission on Standards and Guidelines
More than 50 international diplomats, politicians and industry guests attended a commercial diplomacy reception and networking event hosted by the Industry and Parliament Trust (IPT) in the Commonwealth Parliamentary Association Room in the historic Westminster Hall in the House of Commons, London. The event was sponsored by the City of London with the goal of encouraging growth and investment in the UK. Speakers included the Right Honourable Lord Mayor Elect Alan Yarrow, the Rt Hon Mr Hugo Swire MP, Minister of State at the Foreign and Commonwealth Office, and Mr David Amis MP, Chairman of the IPT. A summary of the speeches is presented next and ASIS International members may recognise the common strands of security, trust and anti-corruption as well as the potential opportunities for medium-sized businesses. The Rt Hon Mr Hugo Swire said the IPT works with Her Majesty’s Government to build on the UK’s reputation for “selling the UK overseas and attracting foreign direct investment”, importantly, he added, “this is a matter of trust”. The Chancellor of the Exchequer’s strategic goals were highlighted by the Rt Hon Minister as “doubling exports to 1trillion by 2020, increasing foreign direct investment to 1.5trillion and increasing the number of
www.asis.org.uk
companies to over 100,000”. He said there has been a cultural change to promoting the UK and businesses, and “jobs and growth are the key to national security”. Recent successes have included key trade deals with Singapore, Korea and the EU. The EU Transatlantic Trade and Investment Partnership (TTIP) benefit to the UK is equivalent to £400 per head. He said the UK also needs rules to tackle corruption so when we do business we make sure “the price is the price”. He added;
“A key concern for us is Energy Security.” The Rt Hon Mr Swire said the IPT also works closely with the UK Trade and Investment department on plans to help medium-sized companies, those with around 30 staff. We want to help these companies grow into large companies. We’ve been running a “grand campaign”, holding over 50 events in 140 countries promoting British brands; “Jaguar and James Bond” to increase recognition of “brand UK”. He said: “If you’re aware of this and perhaps are now bored with it, then we know it’s worked.”
‘Uber’ of inward investment.” He said every partnership depends on trust and we need to raise awareness in Parliament that companies and trade are the economic engine - “the cogs that drive the wheel” of the economy and of the public sector. Mr David Amis MP, Chairman of the Board of the IPT, and Baroness Prosser OBE, Board member of the IPT, thanked the Right Honourable Lord Mayor Elect, Alan Yarrow and the City of London for sponsoring the event. The Rt Hon Alan Yarrow, who on November 7th will be the 687th Lord Mayor, highlighted the City’s key strengths as “both selling and services”. Two crucial services include Law and Finance; English Law has an important international role since it underpins most of the contract law used around the world. Financial services in the City of London include Foreign Exchange, which produces 44% of the global trade, “twice the rate of New York”. The Rt Hon Lord Mayor Elect ended by reinforcing the City’s long-standing commitment to education, “in 1878 the City established City and Guilds, the Royal College of Science and the Royal School of Mines - now known as Imperial College” - adding, “apprenticeships are critical, now, more so than ever”. For more details on the article, please email Allison Wylde wyldeallison@gmail.com
He said it is a competitive market place, a case of “Export or Die” and the UK was an early starter: our history as former “buccaneers and pirates” equips us well. We need more joint ventures and more trading: “We want to be the
WINTER
2014
5
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 6
SERVATOR
Servator, Serving the City of London Commander Wayne Chance, City of London Police Project Servator has become business as usual for us in the City. But look a bit harder and there are some important differences. First of all the new phase of Servator looks and feels a bit different. Our officers are jointly deploying with British Transport Police in transport hubs across the City. We have the 300,000 pairs of eyes and ears of our City of London residents, workers, visitors and businesses who we are calling upon to help keep the City safe and to report anything suspicious. And, as part of this effort, City of London Police officers are out patrolling the City with private, SIA licensed security officers from City-based businesses.
At first glance a highly visible police presence on the streets of the Square Mile looks nothing out of the ordinary. And for our City of London Police officers, nothing is out of the ordinary.
6
WINTER
2014
This is what the eye can see, but there is also a strong presence of covert officers who work with our uniformed police as part of the deployments. Spearheaded by an advertising campaign featuring, for
example, our plain clothes officers (see inset example of the posters), our messages will be highly visible at train and tube stations, on phone kiosks and roadside hoardings and in the press. But let’s go back and review the genesis of Project Servator. When we launched back in February of this year, our goal was to replace the old “Ring of Steel” approach with more dynamic police deployments which could pop up anytime and anywhere in the City of London. The key features of the deployments have been the large numbers of plain-clothed and uniformed officers and the use of a range of police assets, including dogs, horses and vehicles as well as CCTV and ANPR (Automatic Number Plate Reader). We’ve seen that the deployments have been highly successful, both in terms of how our community has engaged with them but also in terms of stopping crime. Research we conducted in February showed that 69% of the public stated they were prepared to report suspicious
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 7
SERVATOR
experience with Servator around the Commonwealth Games. The support and assistance from large business based in, or operating from, Glasgow proved essential for the success of Project Servator and for the Games. Behemoths such as Tesco and Royal Bank of Scotland (RBS) embraced Servator Glasgow, training their staff to be vigilant back of house and in customer-facing areas and providing quite literally a ‘shop window’ for Servator messages.
activity[1] and we’ve seen an impressive 76% increase in 101 calls related to public reports of suspicious activity. And since the official launch of Project Servator earlier this year we
have made 1,409 stops and 74 arrests. We’ve also worked closely with Police Scotland, learning from their
We have integrated many of these activities in our new phase of Servator in the City of London. We will see many more businesses – large and small - coming on board with Servator, helping us get our message out to the community, and being our extra pairs of eyes and ears on the ground to deter terrorists and to detect criminals. For further information on Project Servator, see the City of London Police website.
[1] When asked “How likely would you be to report a crime you have witnessed”, 69% stated that they were ‘very likely’ to report suspicious behaviours; 734 interviews were undertaken with City residents, workers and visitors in February/March 2014.
www.asis.org.uk
WINTER
2014
7
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 8
VICTIMS OF CRIME
VICTIMS OF CRIME – JUSTICE WHERE ART THOU? Crawford Chalmers CPP One of the problems in answering that question in this country is the very meaning of what people understand by the word justice, or hope that it means. For anyone facing criminal charges, there has always been (and always will be) the paramount principle in law of respecting and protecting their rights to a fair trial.
Many millions of pounds are spent preparing cases for trial, and defending those charged with offences. Victims are not so lucky. The various services which support them rely mostly on volunteers and only around 2% of the costs of our criminal justice system are spent directly on them.
For victims of crime however, justice as they experience it too often means disappointment and frustration. Depending on the seriousness of the crime, it can quite simply be life changing.
So why have delays become ‘unforgiveable’? Two of the reasons I submit are not historically focused on enough because they are considered essential to the rights of all defendants.
Only last year the government set up a new board which will attempt to improve a criminal justice system that it hopes will help tackle a range of problems, not least of which are ‘unforgiveable delays’. The only surprise is how long it has taken for this to happen when half of all criminal court trials scheduled on a given day do not go ahead as planned, taking up valuable court time and contributing significantly to the frustrations of victims and their witnesses. As one of many who works when time allows as a volunteer in the Victim Support Witness Service, I know only too well how such delays impact on the way criminal justice works for victims in our courts.
Firstly, whilst there are many who do plead guilty at the very first court date, those who decide to plead not guilty kick start a system which gears up for a trial whether to be held before a magistrate or before a jury in the crown court. The problem is that in literally thousands of those ‘not guilty’ cases, the defendants change their plea to guilty on the date of the trial.
In the early stages of my past life in CID, a renowned criminal barrister told me not to get dispirited following a crown court acquittal – ‘ It’s all in the game’ as he aptly put it. From my perspective, the ‘game’ continues to be played out in courts up and down the country every day. It is a cornerstone of our justice system that a defence lawyer has to ensure the evidence is rigorously tested at all times , and if that means putting victims through the most challenging experience of their lives then so be it. The prize of
8
winning the case is the only objective, and the reality that many people forget is that lawyers practise law, not justice.
WINTER
2014
The result of this is that many millions of pounds are wasted in Crown Prosecution Service costs, but what about the impact on victims? As I have seen all too often, they will be at court waiting to give evidence and preparing themselves mentally for what is often a nerve-wracking experience, only to be told they are not needed. One reason for this is that defendants delay pleading guilty until the day of the trial hoping that victims and their witnesses will not show up, leading to a collapse of the case. In many cases these defendants are being funded by legal aid. In my view this amounts to nothing more than a public funded waiting game, and a straightforward abuse of the system. To put it even more bluntly, I suggest it qualifies as witness intimidation.
The average waiting time for crown court trials, from the time a decision is made to hold a trial to it actually beginning, is six months, though in the London area it is not unusual for a victim to wait a year or longer for a trial to be held. Secondly, and considered a right that can never be jeopardised, is the ‘sacred cow’ in our criminal justice system – the right to trial by jury. This cow means that a defendant can choose trial by jury over small thefts with real examples such as stealing food items worth a few pounds, stealing from a parking meter, or theft of an old mobile phone. To make matters worse, two thirds of defendants who choose a crown court trial in cases which could be dealt with by magistrates (‘either way’ cases) finish up pleading guilty when they get to crown court. Why? In addition to hoping the victim or witness will not turn up, another answer may be found as far back as 20 years ago. Lord Runciman who chaired the 1994 Royal Commission on Criminal Justice warned then that one of the three main objectives for defendants opting for trial by jury was simply to put off the trial. There were a number of “personal” reasons for this, one being to enable defendants to have part of their sentence counted while on remand in a softer prison regime, which includes being able to wear their own clothes!
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 9
ASIS FOUNDATION
The reality of all the delays is that victims may decide to give up on the trial ever taking place, and may no longer want to give their evidence. Can they be blamed for being unable to keep their lives on hold indefinitely?
their representatives take? With such a reality, it is obvious how difficult it can be to persuade victims to report crimes in the first place, and then to be willing to give evidence.
‘Early Guilty Plea‘ system. Amazingly it has taken until very recently for proposals to be put forward for a change in the law which would give greater protection in court for example for victims of rape and child abuse.
Does the longer the time gap between the crime and the trial make it possible that the victim’s evidence is likely to be regarded as less reliable? Could this be a gamble that some defendants and
Some light in the long dark tunnel for witnesses has been the abolition last year of committal hearings intended to speed up and improve efficiency. Pilot schemes have also begun in terms of an
There is much to be done to enhance the rights of victims of crime, because after all “If we do not maintain justice, justice will not maintain us” (Francis Bacon 15611626.
Tackling the Insider Threat: This paper includes a review of the insider threat literature with findings of a Delphi study to arrive at a new approach to defeating the kind of trust betrayal that can undermine organisations.
This is my first year as a Trustee of the ASIS Foundation. One of the things the Board of Trustees is doing is developing a strategy for the future. I hope to report more on that later. In the meantime, I thought I would let you know about some publications the Foundation has published, all downloadable free of charge from the ASIS Foundation website.
A study of security metrics The first is a study of security metrics. It involved a major study of the ways in which security managers do and could use metrics, it was based on an industry survey and in-depth interviews and the output is geared to help practitioners. I think you will find that it is worth a look. The study generated a variety of practical, actionable outputs, including: The Security Metrics Evaluation Tool (Security MET), which security professionals can self-administer to develop, evaluate, and improve security metrics A library of metric descriptions, each evaluated according to the Security MET criteria Guidelines for effective use of security metrics to inform and persuade senior management including a focus on return on investment
www.asis.org.uk
The precise reference for the report is: https://foundation.asisonline.org/Found ationResearch/Research/CurrentResearch-Projects/Pages/MetricsResearch-.aspx
CRISP Reports Another set of publications is the CRISP reports. The acronym stands for Connecting Research in Security to Practice. A range of reports have been produced so far and they are also all downloadable free of charge. Situational Crime Prevention and Supply Chain Security: This provides a discussion of situational crime prevention techniques used in domestic and international supply chains. The author presents a consecutive six-stage approach to mitigate identified and acknowledged risks. Mass Homicides by Employees in the American Workplace: The authors analyze 44 cases of workplace mass homicides from 1986 to 2011 and discuss both the causes and triggers and potential remedies. Fatigue Effects and Countermeasures in 24/7 Security Operations: This paper explores the effects of fatigue and night work on human cognitive performance and offers countermeasures that may be used to combat these effects.
Preventing Burglary in Commercial and Institutional Settings: A Place Management and Partnerships Approach: In this report the author looks at how to assess, manage, and respond to burglaries that occur at commercial and industrial sites. Strategies to Detect and Prevent Workplace Dishonesty: This report examines ways to disarm counterproductive and criminal employee behaviors before they become a serious problem. Lost Laptops = Lost Data: Measuring Costs, Managing Threats: Replacing stolen units is just the start: lost productivity, damaged credibility, frayed customer relations, and heavy legal consequences can cripple your organisation. This paper has pitfalls and remedies for you to consider. If you go to the ASIS Foundation website and look for CRISP Library, you will see the reports, the exact address is: (https://foundation.asisonline.org/Found ationResearch/CRISP-Reports/CRISPReport-Library/Pages/default.aspx). Moreover, the Foundation is hearing from any of you interested in writing a paper, download the proposal forms and send one off if this interests you; I know the Research Council (which I am a member of) is committed to producing more. Martin Gill ASIS Foundation Board of Trustees m.gill@perpetuityresearch.com
WINTER
2014
9
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 10
OFFENDERS
Offenders: just how can they be useful? – Prof. Martin Gill Speaking to offenders and finding out how they assess and evaluate opportunities has immense benefits. There are a variety of reasons but I would like to assess two here. First, and one of the things that has emerged from studies of offenders is that the ways in which they assess objects and circumstances can be different. A garden ornament can be a delightful addition to a garden, but to an offender a tool for providing an advantage in a fight, an open widow a good way of letting in fresh air, but to an offender an invitation to burgle. Assessing the ways offenders think provides an opportunity to assess how security measures – typically designed by honest people- fall short or can be re-engineered or reused in a different way. Indeed, it is somewhat ironic that measures that were originally designed to prevent offenders may actually work to their advantage. This can be true in a general sense, for example, some offenders have argued to me over the years that one of the advantages of CCTV cameras is that they lull staff into being less security aware; staff rely on cameras to do the job and so become less attentive to security. In a different way I recall a fellow criminologist, Professor Paul Ekblom noting that signs on the London underground encouraging passengers to beware of pickpockets caused them to check their pockets to make sure the wallet was there; this told observant pickpockets where they needed to focus; they knew which pocket the money was in, it increases their chances of success. I recall one armed robber I spoke to telling me that the fact that there were screens in banks at the time meant that he could be more aggressive in the bank to demand money; banging an item against the screen made a noise and was more scary, he thought it increased compliance with his demands. There are many good aspects to
10
WINTER
2014
measures of course, but they are more readily acknowledged than the alternative. The second way is in terms of understanding just how much the context in which people work provides the skills necessary to make a crime possible. And I do mean skills here. We know that one reason for workplace crime is a grudge or feeling of disappointment with colleagues and/or the company, but they are motivators or triggers, where I am more concerned here about the ways in which offenders commit their crimes. We can often do a lot more to disrupt and prevent crime when we know how people do it. I have spent some time recently with fraudsters. What is intriguing about workplace fraudsters is how they use the skills sets acquired at work to commit offences. Indeed, while there has been a tendency to see the decision to commit crime as different from the act itself, in practice the overlap is considerable. During my interviews with fraudsters one of the most interesting findings was that most did not join the company to commit fraud, something happened along the way to change their behaviour and views. Most had never been in trouble with the police before and were not contenders for being under suspicion by their employers, so something happened. Elsewhere I have discussed the range of reasons including need for money, addictions, to gain status, because the opportunity presents itself and because of intimidation. Of course these all lend themselves to interventions. But what is it about the workplace that makes it attractive? The first thing is that employees build up skills in their job about weaknesses in crime prevention measures, knowing about these weaknesses can breed and feed the idea of a crime. Moreover, because the weakness is at work, and exploiting it will most often
Martin Gill Director of Perpetuity Research m.gill@perpetuityresearch.com involve skills and knowledge that are acquired and honed through work, the key ingredients of an offence, a motivated and skilled offender; an available victim, and the absence of a capable guardian are present. One offender I spoke to stole money from his employer and was encouraged to keep stealing when he realised that the employer never checked the cash deposit properly. He had a gambling habit and hoped to pay the money back before it was noticed but that failed. Another offender stole money from a pension fund, but knew how to break the rules and get away with it (at least in the short run) via his accountancy training. In both these cases the procedures in place, designed to facilitate business and prevent theft were poorly constructed and/or operated, and certainly did not take account of internal experts being able to exploit opportunities with skills and knowledge gained at work. In this short article I just wanted to highlight some of the reasons why we need to consider what offenders say. We must treat their words critically and carefully – many are adept liars after all – but security is likely to be less effective if we ignore their wisdom altogether.
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 11
NEW MEMBERS
Welcome to these new and returning Members Martin Abbott Andrew Edwards Daniel Jones Tony Rumgay Jon Akande Obioha Egere Tim Jones Robert Sait Ted Allen Freddie Ellis Ignas Karvelis Craig Seckerson Paul Anderson Matt Etheridge Mark Kilnan Simran Sembhy Richard Austin William Faas Daniel Krause-HarderCalthorpe Noel Sheeran Peter Barons Jamie Farrell Mark Langworthy Alec Shermer Nasir Bashir Noel Feeney Brian Larkins Victor Shok Cherry Batchelor Andy Finney Matthew Lee CPP Graham Sims
Paul Beat Nik Flytzanis Nicky Lowry Craig Smith Paul Bentley Matthew Fountain Jim Maietta David Smith David Berezansky Tom Frankland Chris Marshall Shaun Southall Darren Blackie Andrew Gait Paul McKay Barrie Stewart James Borrelli William Garrihy David McWilliams Sean Sutton Dylan Bowen Andrew Gemmell Patrick John Mifsud Charles Swanson David Buckley Geoff Graham Alexander Morakinyo John Tasker Timothy Burchell Chris Grao Emma Morgan Nicola Thompson Kevin Burke
CPE DAYS Holders of CPP, PSP and PCI certifications need to recertify every three years, by amassing CPE points. This year, for the first time, we have run a number of free-to-
www.asis.org.uk
Jeff Green Celine Murphy Rory Thorne Micky Calcott Stewart Griffiths Colin Myers Alex Thornton Andy Carroll Lawrence Hardcastle Steve Newboult Carl Thorrington Kristian Carter Daniel Harper Lionel Nightingale John Tristram Matthew Cawthorne Nigel Hawkins Nicholas Nunn George Turns Ali Chahine Anthony Hayward Benard Olali Daniel Verity Ian Clarke Stephanie Hensler Ernie Pallett Katie Vint Peter Consterdine Richard Higgins Jason Palmer James Walters Adrian Cox Wesley Hodgens
attend CPE events thanks to the support of our CPE Partner Axis Communications. We are also very grateful to Stewart Hughes CPP and Corin Denison CPP of Adidas Group and John Murphy CPP PSP of State Street Bank for, very
Anthony Pelli James Waring Caroline Demoulpied Paul Hollands John Phillips James Williams Paul Denning Stephen Hollings Anton Pieterse Michael Williams Ray Dolan Adrian House Gail Pinkerton Michael Wood Paul Drawbridge Colin Huggins Stephen Porter Jordan Wylie Matthew Duff Wayne Hughes Roman Przekop Julie Young Phillip Dunn Simon Hunt Sean Purnell Simon Zammit Frank Dunsmore David Hurley CPP Rupert Reid Christopher Eckersley Joel Johnson Samuel Robb
kindly, hosting the events. We are working on plans for similar events for 2015
WINTER
2014
11
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 12
CPP
CPP “COACH INN” The ISMI™ Preparation Programme for the ASIS CPP® Certification got off to a successful start recently with 9 professionals attending the first phase, 8-10 October, in a quiet pub in the Worcestershire countryside. The timber-framed setting of the function room provided the perfect backdrop for three days of intensive study during which candidates were introduced to the detail of the CPP domains and the content that would likely form the base for the examination.The group, which included several students with extensive policing experience, worked exceptionally well to cover the core material in 3 days and will now spend 4 months consolidating and developing their knowledge by means of distance learning tasks, and telephone/email coaching, culminating in 3 days back in the classroom where they will hone
12
WINTER
2014
their skills on approximately 800 practice questions.ISMI's preparation programme, led by David Cresswell CPP PSP, is a brand-new course incorporating the latest changes to the study materials. It is offered at a special fee of £1250 (+ VAT) for Chapter members, which includes 6 days in class, 4 months of distance learning and coaching, and access to an online library of support resources.During the past 10 years David has helped over 200 security professionals achieve
ASIS certification and is the recipient of two awards from ASIS International for his work with certification programmes.
ISMI™ 2015 Preparation Programme for ASIS CPP® Led by David Cresswell CPP PSP Two phases: 13-15 May and 14-16 October plus distance learning
£1250 +VAT Contact Janet Ward enquiries@ismi.org.uk
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 13
JSAFE
JOINT SECURITY ASSOCIATIONS FUNDRAISING EVENT (JSAFE) September saw the inaugural JSAFE event. This was a coming together of five security organisations, ADS, ASIS UK, City of London CPA, IPSA and The Security Institute to raise money for worthwhile causes. The two charities selected this year were PTSD Resolution who treat veterans suffering from military trauma and St Giles Trust, who work to rehabilitate ex-offenders. The event, a formal Dinner held in The City of London, raised ÂŁ16,000 through ticket sales, a raffle and the auction of items and events generously donated.
www.asis.org.uk
Whilst this was less then the target amount, the ÂŁ8,000 each charity will be receiving will be put to good use and will enable them to help numerous people. Plans are underway for the 2015 event where we hope to raise even more.
WINTER
2014
13
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 14
COMPLIANCE
Assuring Compliance, Reducing Risk and Saving Costs around Physical Access Governance and Administration – Dr Vibhor Gupta, Chapter Technology Lead What does risk and compliance around Physical Access Governance involve? Banks, financial institutions, companies managing critical national infrastructure such as utility providers, nuclear power plants and data centers are mandated to ensure compliance against government and/or industry regulations for several areas of their business. The risks associated with failure of compliance are related to the financial and reputational profile of any organisation and therefore are taken very seriously across all levels and areas. Therefore, organisations implement rigorous processes with internal checks and balances to ensure that they are able to measure the level of their compliance and thereby identify any areas of concern ahead of time. Physical Access governance is one such area, which relates to ensuring that: the right person has (physical) access to the right place at the right times all required vetting and validation of any person (who is being provisioned physical access) has been done in accordance to the security policy of the organisation necessary approvals are received before physical access is provisioned for a particular area (for example those which are critical/high security areas such as data centres) for any person required training and certifications (for example, health and safety) are in place in accordance with the security policy of an area physical access is revoked or suspended per the defined security policy In order to measure and assure compliance around these aspects, organisations have to collect, manage, analyse and report on a lot of data
14
WINTER
2014
and processes during the lifecycle of any person who steps foot on their sites. This involves collaboration between several departments concerned with Physical Security, IT, Risk and Business continuity. However, ownership and liability of these aspects mostly lie with the Physical Security department. Hence the reason that in a 2012 (July) survey conducted by the CSO magazine and IDG research group, 63% participants, who were serving chiefs/directors for physical security at medium/large organisations classified compliance around physical access governance as a critical/high priority. When including those who classified it as a moderate priority, this figure went up to 92% of the total participants.
How do organisations assure compliance around Physical Access today? And what are their challenges? Until now, Physical Security groups worldwide have relied heavily on the use of various systems/devices such as physical access control systems (PACS) to help them measure the metrics outlined above and assure compliance. However, in addition to the collection of data from these systems, measuring overall compliance involves a lot of administrative effort and cost due to the lack of any easily available audit trail for all processes, which led to the generation of the data initially. This spend is further compounded when there are disparate sources of information/ systems deployed at an organisation, which is true for most global enterprises who have grown (organically or through mergers/acquisitions) and inherited a legacy of different systems for different areas, sites or regions. Recently, many organisations have spent millions of dollars on standardising their systems (such as
Dr Vibhor is the ASIS UKChapter Technology Lead and can be reached at vg@asis.org.uk PACS) to one model or type with the intent to reduce the risk and administrative spend involved in measuring and assuring compliance. However, such investments haven’t helped them significantly in this aspect. Hence the reason that more than 70% of the respondents who took part in the CSO/ IDG research in July 2012 (referenced earlier) identified this area to be of significant concern given the high risk and increasing costs of ownership, both of which couldn’t be addressed by any of the existing systems or devices which they were aware of.
How can the current challenges be addressed whilst saving cost? What is PIAM? In the light of decreasing budgets around physical security and increasing operational costs, it’s important to identify a way in which all processes and data can be captured, audited, reported and analysed in the most cost and time effective manner. To meet this need, a new class of enterprise software was introduced, Physical Identity and Access Management (PIAM).
www.asis.org.uk
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 15
COMPLIANCE
The purpose of a Physical Identity and Access Management (PIAM) solution is to allow physical security administrators to have a single selfservice user interface from where they could view, control, audit and report on data and processes relating to any person (employee, contractor or visitor) and their physical access. A key component of PIAM solutions, is a rule based engine which allows physical security administrators to define all workflows along with necessary checks and balances (discussed above) required for provisioning physical access for any person. This gives the administrators a capability to automate and audit the implementation of these processes through one single user interface and thereby eliminate the need to extract, normalise and stitch data from multiple source systems manually thereby saving a significant amount of cost and effort. The important thing to remember is that PIAM solutions are not a replacement for physical access control systems (PACS) or others such as physical security information management systems (PSIM) but rather a complementary fit in an organisation’s security infrastructure. PIAM solutions integrate with existing PACS to source/provision required data per the workflows defined in their rule engine. Additionally, PIAM solutions provide physical security administrators the capability to schedule and create reports/ audits to measure their organisation’s level of compliance. Examples of some questions, which a PIAM solution will help provide answers for easily are listed below: • Are all people with physical access to a particular area security cleared? • Are there any people with physical access to a particular area who don’t meet the necessary training or certification requirements which are mandatory for that area? If yes then has their physical access been terminated/suspended? • Have all people with access to a particular area been approved for access by the respective area
www.asis.org.uk
owner/authoriser? • Has an area owner/authoriser validated all people who have access to their area? • Have the results of any change in security policy or compliance regulations successfully implemented across all concerned areas and for all concerned people (such as employees, contractors or visitors)? What is the scale of impact for any such changes, i.e. how many people and areas are impacted? • How compliant is the organisation against various parameters defined as part of an industry regulation such as SOX, SAS16, Basel III, SAS70, NERC and FERC? • Has the organisation taken necessary action in areas where it’s failing compliance currently? Does this require any process reengineering internally? What are the benefits of PIAM with respect to reducing risk and assuring compliance? And, is it easy to implement? The time and cost savings, which can be achieved through a PIAM solution, are subjective to an organisation’s industry sector, compliance mandates, processes and existing infrastructure. However, various case studies and examples have shown that such solutions can help reduce the overall operational costs by 60% on average. Most importantly, the ability to proactively audit and manage processes provides a great opportunity for any organisation to reduce their risk significantly. A typical return on investment for such a PIAM solution is seen to be realized in 8-10 months from the date it’s implemented. Hence, a PIAM solution can help add value to an existing security infrastructure by providing opportunities to assure compliance, reduce risk and save significant operational cost. Finally, it’s important to consider the ease of implementing a PIAM solution. The primary objectives of implementing such a solution are to reduce risk and costs whilst maintain full business continuity. Hence the
reason it’s highly recommended to consider a commercial off-the-shelf (COTS) PIAM solution rather than those which are customised/bespoke versions of existing solutions. Given the level of integrations (for example with disparate PACS, logical systems) and the sophistication of managing, auditing and reporting on related data/processes, it’s imperative that implementation of a well referenced COTS product would be much smoother than that of customised/bespoke solution.
Summary and Conclusion The priorities around physical access governance will continue to be focused on reducing risk and assuring compliance across an organisation’s estate for all people working there (employees, contractors and visitors). Regardless of the ownership of such a responsibility, infrastructure across most organisations will mandate collaboration across various departments and integration across various legacy/systems. This will be further compounded by the need to reduce operational costs whilst assuring full compliance. A PIAM solution could help achieve these objectives. An ideal PIAM solution will be one which can allow organisations to collect and manage the flow of data across disparate systems (such as different physical access control systems) and additionally present them with the capability to automate auditing and reporting of related processes/workflows for all areas and people (employees, contractors, visitors). A return on investment in the form of operational cost savings and identifiable risk reduction (through automated auditing and reporting) should be carefully assessed by each organisation per their compliance mandates, process complexities and existing infrastructure. Finally, successful implementation of a PIAM solution is the key to any such initiative and therefore it’s highly recommended that a well-referenced COTS product is considered in this regard.
WINTER
2014
15
ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54 Page 16
S E CU R ING
THE CITY
ACCESS CONTROL, CCTV, & INTRUDER DETECTION HEAD OFFICE: Reex House The Vale Chalfont St Peter Bucks SL9 9RZ Tel: +44 (0)1753 482248 LEEDS OFFICE: 1200 Century Way Thorpe Park Business Park Colton Leeds LS15 8ZA Tel: +44 (0)1133 221026
Email: sales@fsslimited.com follow us at:
fsslimited fsslimited
www.fsslimited.com