Security Solutions Magazine Issue 100 by Interactive Media Solutions

A U S T R A L A S I A’ S L E A D I N G S E C U R I T Y R E S O U R C E F O R B U S I N E S S A N D G O V E R N M E N T

ISSUE #100 MAR/APR 2016

$9.95 inc GST / $10.95 NZ

ISSN 1833 0215

ModernCombatives

R CONTROL ROOM FURNITURE RALIAN STANDARDS?

T RISK OF LONG TERM INJURIES? NG EFFICIENCY? ROOM FURNITURE MEET O 11064?

UWC Electric

would like to thank our supporters for helping us reach the 100th issue

Ezi

ACTIVCONSOLE CUSTOMISED CONTROL ROOM CONSOLES ARE DESIGNED TO AS/NZS 4443:1997 & ISO 11064, REDUCING FATIGUE, INCREASING EMPLOYEE EFFICIENCY AND PRODUCTIVITY WHILST BOOSTING WORKPLACE SAFETY. PROUDLY AUSTRALIAN DESIGNED AND MADE WWW.ACTIVCONSOLE.COM | SALES@ACTIVCONSOLE.COM (03) 9574 8044 | CLAYTON 3168 VICTORIA

ICU SOLARCAM

Australian Event Protection (WA) Pty Ltd

intelligent storage the creone keybox is a new solution for management of valuables & keys. absolute control easy to use With the Creone KeyBox range you will have complete control over your keys and valuables. Whatever your requirements you can choose a basic or more advanced solution.

There is one important requirement when it comes to storage systems that are used by a number of different people: the easier to use, the better.

Creone offer everything from key cabinets and value boxes that will meet your basic needs to advanced systems that monitor every single key and user.

Creone intelligent technology automatically keeps things in good order, and thanks to the user-friendly software, it is easy for the administrator to monitor key use and control.

Total flexibility

Key Features

Creone KeyBox systems are flexible, which makes it easy for you to adapt your system when your needs change. Start with a solution that is suitable for your current needs, and expand it as your needs grow. Your storage solutions are future-proof when you invest in a Creone KeyBox to manage your keys and valuables.

• A simple and flexible solution • Over 40 different models and styles available • Easily expandable • Intuitive management software • Made in Sweden

visit us at...

Visit lsc.com.au/creone for more information.

Creone develop intelligent storage systems. They have being doing this since they started in 1979, and today supply solutions to companies in 30 countries. Creone have three keywords for their storage solutions; Control, Flexibility and User-Friendliness. Whatever your needs, they have a solution you can offer with security and good order â&#x20AC;&#x201C; both today and in the future.

A Solution to Suit Creoneâ&#x20AC;&#x2122;s extensive KeyBox range will offer storage solutions to a variety of industries.

Pharmacies

Banks

Car dealerships

Shops

Hotels & Hostels

Offices

Police

Taxis

Aged care facilities

ED e C AN e edg V AD at th 8 to ICS p U LYT A AN

360-degree Revolving

Auto Tracking

Scream Detection

All Weather Model

Preset Tours

30 X Optical, High Speed 360째 with built-in Auto Tracking

CAPTURE EVERYTHING IN THE HIGHEST QUALITY With a 75 year history of manufacturing state-of-the-art camera and lenses, our range of Network Cameras set the benchmark in image quality, colour accuracy and low light performance. Select models have super-fast, accurate 360째 rotation with auto tracking; impressive WDR performance; models with IR illumination systems that allow you to see long distances even in complete darkness and fixed cameras with intuitive remote PTRZ-F functionality. Six advanced analytics are standard across the range, with certain models having eight allowing you to do more with what you see and hear.

Infrared Illumination

Auto Day/Night

Area Zoom

Intelligent Function

Intrusion detection

See in the dark up to 30 metres with an advanced dual beam Infrared (IR) illumination system1

PTZ

• • •

Dome

VB-R11VE (Outdoor, 360°) VB-R10VE (Outdoor, 360°) VB-R11 (Indoor, 360°)

• • • •

VB-M641VE (Outdoor Fixed Dome) VB-M640VE (Outdoor Fixed Dome) VB-M641V (Indoor Fixed Dome) VB-M640V (Indoor Fixed Dome)

Full Body

• • •

VB-M741LE (Outdoor w IR) VB-H730F (Indoor/Outdoor)2 VB-M700F (Indoor/Outdoor)2

All above models have remote PTRZ-F. Disclaimer: Features vary between models. Please review model specification before purchasing. 1

15m/POE & 30m/POE+

Optional housing required for outdoor use

Available from:

View the complete 25 model range at canon.com.au/networkcameras call (02) 9805 2074 or email specialised.imaging@canon.com.au

CONTENTS100

COVER STORY: THE EVOLUTION OF SECURITY

052

072

The world has changed dramatically in the 17 years since the launch of Security Solutions. We look back at the milestones that have marked the evolution of security, from the rise of digital security equipment through to the fall of the World Trade Centre Towers and the proliferation of terrorism.

BEHAVIOURAL ECONOMICS What is behavioural economics and how can savvy security managers use this dark art to bring about more favourable outcomes from security programs?

080

IMPROVING SECURITY BY DEGREES Is there a disconnect between the offerings of academia and the needs of the business community with regard to the host of security degrees currently available? If so, what impact is it having on the development of security as a profession and what might be done about it?

096

BREAKING THE GLASS CEILING Why is the current security management paradigm preventing security managers from breaking the glass ceiling and moving into executive level positions within organisations?

100

THE PSYCHOLOGY OF SECURITY AND PERCEPTION OF SAFETY Have the changing risk climate and the increased fear within the community given rise to a new practice of psychological security, where security measures are enacted for their mental rather than physical benefits?

006 SECURITY SOLUTIONS

SECURITY SOLUTIONS 007

CONTENTS100 010

LETTER FROM THE EDITOR

012

BRIGHT IDEAS

030 LEGAL How can you more effectively manage the risks from workrelated violence?

014 CRIMINAL ODDITY It should be called “What not to do to end up in this section”, but alas, we find a special home for those who are met with odd criminal situations and a lack of intellect.

016 LEADERSHIP What makes a good leader? 020

CYBER SECURITY Why is Australia developing a reputation as a

leader in cybersecurity?

022 RESILIENCE What is resilience and how does it apply to security management?

024

032

THINKING ABOUT SECURITY How can you accurately explain the role of

security to other managers within the organisation?

048 EVENTS A look at upcoming industry events. 044 ALARMS We look at alarms in the age of intelligent buildings. 048

OPERATIONS Richard Kay looks at trauma management and its

effect on response options.

052 CCTV What is HD-TVI?

HUMAN RESOURCES What are the dangers of casual employees in the 058

BUSINESS What is the value of human resource resilience in security?

security industry?

026 RISK MANAGEMENT What happens when risk management fails?

070

LEGAL Q&A What can you do when business partnerships go bad.

028 COMMUNICATIONS Why does the future of security rest between

076

LOSS PREVENTION How has loss prevention evolved over the last 15

corporate portfolios?

038

years?

100

084 AVIATION Steve Lawson looks at the vulnerability of commercial aircraft

096

104

SECURITY STUFF

106

SPOTLIGHTS

possible future directions.

110

PROFILES

PROFESSIONAL DEVELOPMENT Is security actually growing as a profession?

114

PRODUCT SHOWCASES

118

SHOPTALK Company announcements from within the industry.

to ground-based attacks.

088 ACCESS CONTROL We look at the evolution of access control and its 092

008 SECURITY SOLUTIONS

CHANGING THE GAME AGAIN...

IT’S KIND OF OUR THING

IS NOW FLIR’s unparalleled thermal security cameras combined with DVTEL’s acclaimed video management system has changed the security game. FLIR now provides: · End-to-end security solutions · Open platform for easy integration of third party partners, technologies and cameras · The widest range of thermal and visible products that can be used with any system Yeah, we told you this was a big deal. DVTEL is now FLIR.

flir.com/dvtel

SECURITY SOLUTIONS 009

www.securitysolutionsmagazine.com

Editorial Editor: John Bigelow john@interactivemediasolutions.com.au Sub-Editing: Helen Sist, Ged McMahon

Contributors: Garry Barnes, Dave Brooks, Jason Brown, Greg Byrne, Michael Coole, Rod Cowan, Rachelle DeLuca, Darren Egan, Kevin Foster, Jonathan Johnson, Richard Kay, Steve Lawson, Codee Ludbey, Rita Parker, Anna Richards, Rodney Timm, Alex Webling, Don Williams, Tony Zalewski.

Advertising rdias@interactivemediasolutions.com.au Phone: 1300 300 552 Publication Co-Ordinator: Ranjit Dias

Marketing & Subscriptions admin@interactivemediasolutions.com.au $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)

Design & Production Graphic Design: Jamieson Gross graphics@interactivemediasolutions.com.au Phone: 1300 300 552

Accounts accounts@interactivemediasolutions.com.au Phone: 1300 300 552

Publisher

Interactive Media Solutions ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.

RS A DE VI

SSOCIATI

ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au

SECURIT Y

RALIA LTD UST FA

Written Correspondence to:

Or i g i n a l Si z e

O C I AT I

Y P R OVI D

RIT

D LT

PR O

ASS

SPAAL

AU S T R A L I A

STRALIA LTD AU

SECURITY

Official partners with:

SSOCIAT IO N

RS A DE VI

blue colour changed to this colour green.

COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................

010 SECURITY SOLUTIONS

Superior Detection. All the Time.

The most accurate motion detection camera available. Thermal mini-Bulle T Camer a

• Reduce false alarms with more reliable motion detection • Most affordable intrusion detection and video alarm verification system • Easy integration – PoE/12VDC, IP/ MPX(HDCVI)/analog, ONVIF Find out more at www.flir.com/isc-west-dailies

Asia Pacific Headquarters HONG KONG FLIR Systems Co. Ltd. Room 1613 -16, Tower 2, Grand Central Plaza, No. 138 Shatin Rural Committee Road, Shatin, New Territories, Hong Kong Tel : +852 2792 8955 Fax : +852 2792 8952 Email : flir@flir.com.hk

SECURITY SOLUTIONS 011

LETTER FROM THE EDITOR To anyone and everyone who has had anything to do with the magazine over the last 17 years, we owe a huge debt of thanks. To the the faithful readers and subscribers who have provided such important feedback and insights into the development of the magazine; to the selfless contributors who have given of their time, knowledge and expertise; to the advertisers who have supported and helped build the publication, we say thanks. Without you, Security Solutions could not and would not exist. The industry has enjoyed a fantastic period of change and evolution over the last 17 years since the launch of our first issue in July of 1999. From the proliferation of the Internet and the growth of digital communications and social media, to a raft of technological innovations such as digital CCTV, IPbased security systems and, more recently, cardless and keyless entry. Today’s security professionals are more likely to have an MBA than a background in law enforcement or the military, while alarm installers and locksmiths are becoming proficient in network programming and IP communications. Terrorism presents a real and present danger on a global scale, while things like climate change, rising sea levels, food shortages and energy demands are all giving rise to the kinds of new security challenges that, 20 years ago, we would not have thought to consider as looming security issues. In order to meet the demands of a new generation of security professionals facing a myriad of new security challenges, we have made some significant changes to the content of the magazine. You will notice that the first half of the magazine now includes a host of short columns from some of the industry’s leading experts on areas such as leadership, risk management, cybersecurity, resilience, human resources and more. We know through discussion with readers that today’s security manager has more contact with their organisation’s C Suite and board of directors than ever before. These new sections of the magazine are designed to help readers better understand how to capitalise on those relationships, improve the performance of their business unit and help make a meaningful contribution to the wider organisation, thus improving the value of security. Technology is advancing more rapidly than ever before. This is enabling security practitioners to collect more meaningful data with a view to providing better, more effective solutions. Connected homes, intelligent buildings, smart cities and the Internet of Things are just some of the emerging trends that we expect to see shaping the next decade in security. However, given the rapid rate of development and change, it is almost impossible to predict with any accuracy what the next decade in security might look like, but one thing is certain, as long as there are new and interesting developments to report, we will be there to bring the information to you. Thank you once again for your support and we hope you enjoy this, our 100th issue of Security Solutions magazine.

John Bigelow Editor

012 SECURITY SOLUTIONS

GAIN CONTROL WITH ONEVIEW Defuse situations quicker with a truly unified security control room solution Saabâ&#x20AC;&#x2122;s OneView is a next-generation physical security information management integration platform that provides unprecedented levels of subsystem integration in mission-critical infrastructure environments. OneView empowers operators to respond effectively and efficiently to the most stressful situations. Offering accurate intuitive situation awareness, a simple operator interface, fast detection-response and comprehensive support for post action analysis, OneView is the ultimate choice for modern surveillance and security operations. You can rely on Saabâ&#x20AC;&#x2122;s thinking edge to bring your control room under real control. saab.com/australia

REGULAR

BRIGHT IDEAS New Super Light Body Armour: 10 x Stronger Than Steel

Graphene’s great strength appears to be determined by how well it stretches before it breaks, according to scientists from Rice University in Houston, Texas, who recently tested the material’s properties by peppering it with microbullets. The two-dimensional carbon honeycomb discovered a decade ago is thought to be much stronger than steel. Edwin Thomas, a materials scientist at Rice, did not need even close to 0.5 kilograms of graphene to prove the material is on average 10 times better than steel at dissipating kinetic energy. The researchers reported in the latest edition of Science that firing microscopic projectiles at multi-layer sheets of graphene allowed the scientists to determine just how hard it is to penetrate at the nano level – and how strong graphene could be in macroscopic applications. Thomas suggested the technique he and his research group developed could help measure the strength of a wide range of materials. “While other labs have looked extensively at graphene’s electronic properties and tensile strength, nobody had taken comprehensive measurements of its capability to absorb an impact,” Thomas said. His lab found graphene’s

014 SECURITY SOLUTIONS

capability to simultaneously be stiff, strong and elastic gives it extraordinary potential for use as body armour or for shielding spacecraft. The lab pioneered its laser-induced projectile impact test (LIPIT), which uses the energy from a laser to drive microbullets away from the opposite side of an absorbing gold surface at great speed. In 2012, they first used an earlier version of LIPIT to determine the properties of multi-block copolymers that could not only stop microbullets, but also completely encase them. Since that study, Thomas and lead author Jae-Hwang Lee, a former research scientist at Rice and now an assistant professor at the University of Massachusetts at Amherst, have enhanced their technique to fire single microscopic spheres with great precision at speeds approaching three kilometres per second, much faster than a speeding bullet from an AK-47. The researchers built a custom stage to line up multi-layer graphene sheets mechanically drawn from bulk graphite. They tested sheets ranging from 10 to 100 nanometres thick (up to 300 graphene layers). They then used a high-speed camera to capture images of the projectiles before and after hits to judge their

speed and viewed microscope images of the damage to the sheets. In every case, the 3.7-micron spheres punctured the graphene. But rather than a neat hole, the spheres left a fractured pattern of ‘petals’ around the point of impact, indicating the graphene stretched before breaking. The experiments revealed graphene to be a stretchy membrane that, in about three nanoseconds before puncture, distributes the stress of the bullet over a wide area defined by a shallow cone centred at the point of impact. Tensile stress cannot travel faster than the speed of sound in materials, and in graphene, it is much faster than the speed of sound in air (343 metres per second). Controlled layering of graphene sheets could lead to lightweight, energy-absorbing materials. “Ideally, you would have a lot of independent layers that are not too far apart or so close that they are touching, because the loading goes from tensile to compressive,” Thomas said. “That,” he said, “would defeat the purpose of spreading the strain away from the point of impact.” Visit http://news.rice.edu for more information.

SECURITY SOLUTIONS 015

REGULAR

CRIMINAL ODDITY

Points For Effort Derrick Mosley, 22, of Washington County, Oregon in the US, is not the kind of guy you would want to run into in a dark alley. He is also not the kind of guy you would want to have sit an exam for you. Derrick, in his infinite wisdom, decided he needed a gun. We do not know why Derrick wanted the gun; we just know that he did. Derrick decided the best way to get a gun was to steal one. This brings us back to our earlier point about Derrick not being too bright. You see, stealing a gun implies that the other person has one, which is a distinct disadvantage for Derrick as he did not have a gun – hence the need to get one. Unlike Derrick, you can already see the flaw in this plan. Derrick’s next thought, assuming there was any thought involved, went to establishing the most likely place he might find a gun. In the US, what more obvious choice of place to find a gun than in a gun shop. Armed with this revelation, and little else, Derrick set out to a neighbourhood gun store to obtain a gun. Of course, rather than using a credit card or cash like other people, Derrick used a baseball bat.

016 SECURITY SOLUTIONS

Yes, he attempted to smash the display case with a baseball bat and steal a gun. Of course, there are two very glaringly obvious flaws in this plan to everyone other than Derrick. Firstly, guns kept in display cabinets are not loaded and, therefore, somewhat useless in the confrontation that one might expect to ensue in the wake of smashing open a cabinet in a gun store. Secondly, the only thing dumber that trying to steal a gun from someone who has a gun when you do not, is trying to steal a gun from someone who has lots and lots of guns – using a baseball bat. Needless to say, there are no Alfred Hitchcock type plot twists to this tale. Hence why Derrick is in this column… and jail.

Something Amish Many readers will be aware of the Amish, a group of traditionalist Christian church fellowships best known for their devotion to simple living, plain dress and a reluctance to adopt the conveniences of modern technology. Based predominantly in Pennsylvania in the US and some parts of Canada, these God-fearing

Christians are not traditionally known for their outlandish criminal behaviour. However, on very rare occasions, when the moon is full and the planets align, a Lex Luther type criminal mastermind may appear amongst their ranks to wreak havoc and sow dissent. According to police reports, Levi Detweiler was one such aberration. In the ultimate show of criminal contempt for the law, 17-year-old Amish youth Detweiler ran a stop sign in his horse and buggy. Can we really use the word ‘ran’ in this case? Perhaps ambled through a stop sign would be a better description. The unrepentant Levi continued his reign of chaos and terror by leading police on what might possibly be the slowest police chase in history. Reports claim police pursued Levi for over a mile. What they meant to say was that they walked alongside him politely asking him to please stop the horse. Sadly, as is so often the case with such tales, the police chase (walk) finally ended in disaster when young Levi, in a final desperate attempt to allude police, took a turn too sharply and ended up tipping his carriage on its side.

OFFICE BUILDINGS WAREHOUSES DAY CARE CENTERS HOSPITALS SCHOOLS ACCOMMODATION & HOSTELS RETAILSTORES AIRPORTS GYMS SMALL BUSINESSES PROPERTIES

Triview CCTV, We’ve got “YOUR” solution Covered ! WHY TRIVIEW VISION? WE STRIVE TO PROVIDE OUR CUSTOMERS WITH HIGH QUALITY FULL HD 1080P PRODUCTS AT AN AFFORDABLE PRICE. OUR PRODUCTS ARE BACKED UP BY OUR TECHNICAL KNOW HOW AND FOCUS ON CUSTOMER SERVICE AND SATISFACTION.

w w w . t r i v i e w . c o m . a u For more information contact Nidac Security

T: 03 9808 6244

THE EXCLUSIVE DISTRIBUTOR OF

E: sales@nidac.com CCTV PRODUCTS

SECURITY SOLUTIONS 017

REGULAR

LEADERSHIP Leadership In Security By Jason Brown

When the editor asked me to do a regular column on leadership in security, I readily said yes and then, as I began to think about it, I thought that it might have all been said before. There are so many books and articles about leadership that I began to wonder if I could add any value. It then occurred to me that, rather than theory, I would relate to my own experiences from working for good leaders. Therefore, from time to time, I may refer to the literature on leadership, but most of the time I will write about the good and bad leaders I have experienced, their characteristics and their methods. Allan Hawke, the Secretary of Defence while I was working for the government in the early 2000s, had an approach he designated Results through People. At its heart, he encouraged leaders at all levels that it is their responsibility to engage the people that work for them to achieve the outcomes required to meet objectives. Leaders need to know their people, their strengths, their weaknesses, the opportunities available to them and to communicate the vision, objectives and results to all levels of their part of the enterprise. What is critical for leadership is that leaders do not just talk about it but actually do it. Despite an otherwise overwhelming schedule, Hawke realised that he needed to make time for those in the middle-level leadership roles who were directly responsible for managing sections if he was to enhance Defence leadership. After all, the best of these would be the senior leaders of the future. In the Results through People development

018 SECURITY SOLUTIONS

program, he made time to participate in the activities and, on many occasions, played a role in the simulations that were used to challenge the participants. When he was doing so, he noted those who were interested, committed, making an effort, had a desire to do better and had potential for leadership. In his own development as a leader, he had read widely and could identify books and articles of value. In the case of one of my own staff at the time, Hawke identified his interest in the Emotional Quotient (EQ) work of Goldman. I remember vividly my Assistant Director coming into the office to show me the book by Daniel Goleman signed by the Secretary and inscribed to him personally and noting his interest in this area and hoping that he would find the book as helpful as Hawke did. Within days, most of the people in my department were aware of the gift and the personal commitment of the Secretary to Results through People. The effect of this was noticeable in changes of behaviour, renewed commitment and reduction of the cynicism that sometimes surrounds programs from the people who actually got the work done. In an organisation of 70,000 people, for the â&#x20AC;&#x2DC;bossâ&#x20AC;&#x2122; to reach out in this way, and be visible in doing so, to so many people down in the ranks was exceptionally powerful in sending the message to all that his people development program was genuine. This was no general email to all staff making policy platitudes, but an actual hands-on presence.

So what does this mean for leadership? If you want to be a leader, plan your time to genuinely engage with your people, recognise that leadership occurs at all levels so senior leaders ensure you have open communication, provide development and consistently communicate your vision and objectives to those who make it happen. Jason Brown is the National Security Director for Thales in Australia and New Zealand. He is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. He is also responsible for ensuring compliance with international and commonwealth requirements for national security and relevant federal and state laws. He has served on a number of senior boards and committees, including Chair of the Security Professionals Australasia; Deputy Registrar Security Professionals Registry â&#x20AC;&#x201C; Australasia (SPR-A); Chair of the Steering Committee for the International Day of Recognition of Security Officers; member of ASIS International Standards and Guidelines Commission; Chair of Australian Standards Committee for Security and resilience. In the next two columns, I will look at how leaders use vision and values to shape an organisation for success. Subsequent columns will address the issues of planning, communication, training and development.

Open Platform VMS by AxxonSoft

MomentQuest2

Interactive 3D Map

Forensic Search

Logically arranged, Intuitive interface. Clear 2D/3D view if all cameras at a site. Show/hide camera feeds, names and fields of view, as well as tilt the map for convenience. Easily pinpoint any individual camera or event of interest.

09:17:34.371 AM

09:19:12.003 AM

09:22:40.022 AM

09:23:02.107 AM

Quickly retrieve archive footage of events thanks to the VMDA database, which stores meta-data such as object size, color, motion direction and speed. Fine tune your search with multiple filters: Zone entry Motion in zone Motion from one area to another Too many objects in a zone Loitering

Time Compressor Quick view of archived video

SolidStore file system Fast file access, zero fragmentation Unsurpassed reliability for video storage Greater hard disk service life

97s

12s

Set a time range for video footage and get a short video clip of all moving objects in the scene.

NVMS Solutions

Custom Solutions

+61 7 3841 8882

Megapixel CCTV

Thermal Imaging

sales@sylo.com.au

sylo.com.au SECURITY SOLUTIONS 019

REGULAR

CYBER SECURITY Australia’s Opportunity To Lead In Cybersecurity By Garry Barnes

Cyber attacks are far more pervasive, sophisticated, costly, personal and varied than ever before. From privacy and data breaches in the health sector and ransomware to computer-generated bomb threats at local schools, everyday people are inundated with and affected by a multitude of different types of cyber attacks that continue to make front-page news. Behind the scenes, IT professionals thwart thousands of cyber attacks daily. The Commonwealth Bank of Australia reportedly prevents over a million attacks a day! IT professionals know that it is not if anymore, but when and, as such, many company boards are in lengthy discussion about the best approach and direction to take this year and into the future to protect their data, information and brand. The ISACA 2016 Cybersecurity Snapshot shows that IT professionals in Australia believe the top threats to business this year will come primarily through social engineering (60 percent), cybercrime (33 percent), insider threats (33 percent) and unpatched services (33 percent). Positively, the IT industry, businesses and Australian Government are rising to the challenge, and there is a great opportunity right now for Australia to set the example and lead other countries and industries in cybersecurity, for several reasons. Firstly, Australians, in general, are eager to take up new technology. And according to the Deloitte Access Economics Report, Australia’s digital economy already surpasses

020 SECURITY SOLUTIONS

the agricultural and retail industries, at 5.1 percent of its gross domestic product (GDP), or $79 billion. As such, Australians’ awareness of and education around technology and cybersecurity is strong. Next, the long-awaited Government Review on cybersecurity is expected in March and early signs point to the fact that the Government recognises the need to work together with businesses to address current cybersecurity issues. Businesses recognise that collaboration, information sharing and reasonable notification of a data breach enhances the ability to tackle cyberattacks. Ninety-five percent of Australians surveyed in the snapshot said they favoured regulation requiring companies to notify customers of a data breach within 30 days. Last, because Australians have a strong understanding of the issues and the Australian Government is actively speaking with industry organisations, businesses, consultants and experts about ways in which businesses and Government can support each other and develop best practices, their exists the opportunity to recruit and skill personnel, job seekers and recent graduates, which will also in turn stimulate Australia’s economy overall. According to the Government, the need for IT security professionals is expected to grow by 21 percent (about 9,000 jobs) over the next five years. The cybersecurity skills gap still poses a significant obstacle, with 47 percent of survey respondents wanting to hire more cybersecurity professionals this year,

but finding those with skills and knowledge will be difficult. Many universities are working with businesses to evaluate the courses and skills most needed. Non-profit professional organisations are working with graduates to provide needed cybersecurity skills and jumpstart their career. The cost of cybercrime to the Australian economy annually is estimated at $1 billion, according to the Norton Cybercrime Report 2013. But, cybersecurity creates business opportunity, nurtures innovation and creates jobs. Australian businesses, people and the Government have already invested in and laid down a strong foundation for cybersecurity. Now it is time to show the world what Australians can do and be leaders in cybersecurity.

Garry Barnes, CISA, CISM, CGEIT, CRISC, MAICD, is practice lead, Governance Advisory at Vital Interacts (Australia). He has more than 20 years of experience in information and IT security, IT audit and risk management and governance, having worked in a number of New South Wales public sector agencies and in banking and consulting. ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and worldclass knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries.

50,000+

projects completed

3,000+ gates installed

60,000+ 200,000+ bicycles parked

bollards installed

Call 1300 780 450

ledasecurity.com.au

SECURITY SOLUTIONS 021

REGULAR

RESILIENCE Anyone who saw the 2010 movie Inception would recall the assertion that the most resilient thing in the world is an idea. “An idea. Resilient, highly contagious. Once an idea has taken hold of the brain, it is almost impossible to eradicate.” It could be argued that the concept of resilience is, itself, resilient. It is discussed and written about around the globe. The lead actor in the promotional trailer for Inception stated, “A single idea from the human mind can build cities. An idea can transform the world and rewrite all the rules.” I would suggest that the concept of resilience has changed the way people think about things and it has changed their approach to addressing challenges, risks and threats at an organisational, national and global level. The term has been adopted by nation states and incorporated in policy documents generally associated with homeland security, critical infrastructure, and emergency and disaster management response. Organisations now have dedicated staff to implement resilience strategies. I have spent several years reading, thinking, writing and speaking about resilience and security, as well as developing the concept so it can be understood and implemented within different contexts – at an organisational as well as at a national level. During that time, I have heard more than one person oversimplify the explanation of resilience by describing it as “the ability to bounce back”, while others have offered lengthy and complex engineering, ecological or psychological explanations. Such explanations assume that by giving a complex idea – such as resilience – a convenient label, it will be understood. However, this is misleading, because people need to have more information to understand a concept that has no agreed definition before they can apply the idea of resilience in a meaningful way to achieve a desired goal.

022 SECURITY SOLUTIONS

I have heard more than one person oversimplify the explanation of resilience by describing it as “the ability to bounce back”... I should explain my dislike of the ‘bounce-back’ explanation, because the notion of bouncing back suggests returning to the previous or same state. This fails to recognise that even if there were a wish or capability to do so, changes to the physical, social and psychological reality of organisational or societal life after a disruptive event, such as the impact of a non-traditional security threat, could make that proposition untenable. Such a notion also fails to recognise new possibilities and potential opportunities in the face of adversity. Before adopting the idea of resilience, it is necessary to ask who or what is to be made resilient and against what risk or threat. This is not necessarily an easy question to answer, because the answer may change over time depending on circumstances and different factors. It is also important to recognise that resilience is a multi-disciplinary concept. It can be applied across the corporate and business sectors – manufacturing, services, production and processing – as well as in the public sectors of government, including dealing with crisis, hazard

or infrastructure protection. It can also be applied to a community, an organisation or to a nation, as well as to an individual. Resilience is dynamic, so that different parts of an organisation (or community) can be at different levels of resilience at any given time. Resilience is also part of a dynamic process and part of a time continuum. This means that the level of resilience in an organisation can change at any given time depending on external and internal factors. Importantly, it is necessary to understand that resilience is not a prescribed series of steps or activities that, when completed, will mean that resilience has been achieved and no further action is required. Resilience is worth pursuing, but it is more complex than simply bouncing back.

Dr Rita Parker is a consultant advisor to organisations seeking to increase their corporate and organisational resilience and crisis management ability. She is an adjunct lecturer at the University of New South Wales at the Australian Defence Force Academy campus where she lectures on resilience and nontraditional challenges to security from non-state actors and arising from non-human sources. Dr Parker is also a Distinguished Fellow at the Center for Infrastructure Protection at George Mason University Law School, Virginia, USA. She is a former senior advisor to Australian federal and state governments in the area of resilience and security. Dr Parker’s work and research has been published in peer reviewed journals and as chapters in books in Australia, Malaysia, the United States, Singapore and Germany and presented and national and international conferences. Rita holds a PhD, MBA, Grad. Dip., BA, and a Security Risk Management Diploma.

DEFINE YOUR COVERAGE

● This sensor is equipped with a DUAL-ZONE system that initiates an alarm only when detection occurs in both horizontal and downward zones simultaneously. ● No alarm signal is given if only one zone is activated by small animals. ● Perimeter, window or wall detection can be defined by adjusting detection zones. ● MS-12FE equipped with two sensors can cover two perimeters or windows by itself.

DUAL-ZONE system reduces false alarms, making outdoor use more reliable!

(SIDE VIEW)

‘NO ALARM’ only one Zone activated ‘ALARM’ both Zones activated

Horizontal Zone Variable Range

Downward Zone

5m 10m 12m Detection distance is set by adjusting the angle of the downward zone. Adjustable range 2m-12m, 9 steps.

DUAL-ZONE DETECTION

Our dual-zone PIR series combine horizontal and downward curtains requiring simultaneous activation before an alarm output is triggered. With up to 180° x 12m coverage, these sensors are ideally suited for use in both domestic and industrial intruder applications.

+61 (3) 9544 2477

email: oz_sales@takex.com

MS-12/TX-114

Hard-wired or battery operated outdoor PIR up to 180° x 12m.

PVW-12TE

90° x 12m outdoor PIR with recordable message output.

TAKEX AMERICA

023 SECURITY SOLUTIONS www.takex.com

REGULAR

HUMAN RESOURSES I have been asked by the editor of Security Solutions Magazine to contribute to a regular column on human resources (HR) issues as they affect the security industry in Australia today. I am honoured to do this and look forward to contributing to the security industry in Australia in such a meaningful and ongoing way. My intent is to write the first three columns on the risks that HR can pose to a business. This column will address the issue of casual employment and the issue of sham contracting.

Casual Employment Various sectors of the security industry are structured heavily on casual employment; however, this reliance places businesses at risk for a number of reasons. Security operators should work to move a percentage of casuals to parttime employment. The reasons for this are many but, in short, it gives them hope of more stable employment, creates a more stable workforce for a business and makes provision of training easier and cheaper – all of which, most importantly, provides for a more loyal and stable workforce. Casuals generally have no guaranteed hours of work, irregular hours, no entitlement for paid sick or annual leave and can end employment without notice, unless notice is required by a registered agreement, award or employment contract. However, there are a number of risks associated with casual employees: 1. There is no legislative definition of casual employment, so employers rely on various Federal Court and Fair Work Commission (FWC) decisions. Based on these decisions, the FWC has determined that the following principles determine casual employment: a. no continuous employment beyond a specific period b. service (not employment) will determine unfair dismissal claims c. to break continuous service, clear notice must be given d. continuous service is not broken by periods of leave, illness or injury.

024 SECURITY SOLUTIONS

2. Casuals have numerous entitlements: a. provisions of the National Employment Standard (NES) as they relate to: i. unpaid carer’s leave ii. unpaid compassionate leave iii. community service leave iv. provision of the Fair Work Information Statement b. 25 percent loading c. must be told they are casual d. if employing under the Security Services Industry Award 2010, shifts no shorter than four hours and no longer than ten e. if qualified as an eligible casual employee then entitled to unpaid parental leave, compassionate leave and carer’s leave f. if employed on a regular and systematic basis with a reasonable expectation of continued employment, entitled to make application for unfair dismissal g. in some states, paid long-service leave h. meal breaks. 3. Casuals, by their very nature, tend to be disengaged from the employer, with corresponding levels of loyalty. In some cases and circumstances, this could result in a casual employee simply stopping work with the business, or worse still, simply walking off the job. 4. It is difficult to attract and/or retain talent to casual employment conditions. 5. A casual workforce tends to be transient with a resulting high turnover, which in turn creates an unstable working environment.

Sham Contracting Although not widely in use in the Australian security industry, sham contracting has found its way into various industries in Australia and poses significant risk. There is no simple definition of sham contracting; it is a judgement based on a number of ‘indicators’ of the relationship between the employer and contractor. The indicators are:

Indicator

Employee

Contractor

Control over how work is performed

Low

High

Hours

Set hours

No set hours

Ongoing expectation of work

Yes

Risk

No financial risk

High financial risk

Superannuation

Entitled to employer contribution

No entitlement

Tools/ equipment

Provided

Not provided

Tax

Deducted by employer

Pays own tax

Method of payment

Paid regularly

Submits payslip and has ABN

Leave

Paid leave

No paid leave

So, based on these indicators, if an employer pays tax contributions, superannuation and provides ongoing regular work, then the employee is not a contractor. The Fair Work Act 2009 provides serious penalties for sham contracting, including fines of up to $54,000 and court injunctions.

Greg Byrne is the Managing Director of Multisec Consultancy Pty Ltd. He also lectures part-time at the Western Sydney University where he teaches an under-grad diploma in policing as well as working as a sub-editor for the Australian Police Journal and serving as a member of the board of directors. He possesses a number of academic qualifications including; Master of Management, Diploma of HR, Grad Cert in Leadership and a Diploma a Security Risk Management. He can be contacted via email; greg@multisec.com.au. Also see www.multisec.com.au.

Series 280 is an IP66 rated industrial 19” cabinet for harsh an unforgiving environments – air conditioning available.

The last thing on your mind is the first thing on ours.

DESIGNERS & MANUFACTURERS OF 19” RACK SYSTEMS

Whether it’s ready-made, pre-configured or custom racking solutions, MFB’s short turnaround capabilities speed your product from the warehouse to where they should be – fast. Our unwavering commitment to timely delivery ensures your projects run on time, every time, reducing deadline pressures while maximising results. With a solid history of over 45 years supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB for consistent delivery, on time, every time.

AUSTRALIAN MADE MAKES AUSTRALIA

www.mfb.com.au

VIC NSW -

P (03) 9801 1044 P (02) 9749 1922

F (03) 9801 1176 F (02) 9749 1987

E sales@mfb.com.au E sydney@mfb.com.au

SECURITY SOLUTIONS 025

REGULAR

RISK MANAGEMENT When Risk Management Fails! By Dr Kevin J. Foster

Periodically, security professionals are expected, by standards of good governance, to conduct a physical security risk review at a facility or a whole portfolio of facilities. These might be offices, an airport, power station, water supply dam, a hospital, railway network, sports stadium or a shopping centre. No matter what type of facility, the process of conducting a risk assessment should be quite well understood by security professionals and is documented in standards or guidelines such as ISO 31000:2009, Australian Handbook HB 167:2006, and the new risk assessment standard designated as ANSI/ASIS/ RIMS RA.1-2015. On the face of it, risk analysis and assessment should not be difficult. The equation for calculating risk is simple enough: Risk = Likelihood (of a security event) x Consequences (of the event) The analyst needs to consider the security events or incidents of concern, estimate the likelihood of them happening and then calculate or describe the consequences that would arise from each event. These might be consequences for the facility owner or operator, for a tenant, for people in the facility, for the community that relies on the facility for its services, or for a whole supply chain of businesses. Reducing the likelihood or consequences of a risk event will reduce the magnitude of the risk. Fundamentally, controlling risk so that it is within acceptable limits is the primary aim of risk management. Acceptable risk would preferably be at a level that the business or operation can tolerate or to which it may be resilient. A security manager will usually seek funding for security measures needed to control the

026 SECURITY SOLUTIONS

risk; for example, when there are new threats, vulnerabilities and risks. Conversely, when certain threats are removed, there may be scope to reduce the security necessary. While security managers and consultants may have a precise focus on probable security events and what needs to be done to mitigate the risks, other more generalist managers, who control funding and resources, usually also need to think about other categories of risks. For example, they may be concerned about how best to achieve corporate, program or project objectives within the allocated budget and prescribed time schedule. Thus the risks with which they will be concerned are those that would prevent achievement of those objectives. The more senior a manager is in an hierarchy, the greater the breadth and diversity of the risks that need to be addressed and the more complex the decision problem may become. The security risk analysis and assessment needs to be understood by the decision makers in senior executive positions. The broader context of business operations and objectives needs to be understood by the security manager. Without such understanding, miscommunication and poor decision making can occur. Decision makers need to be given the information necessary for them to compare security risks with other business or operational risks. They must determine which risks need action and when; and which risks need monitoring. However, all of the risk information needs to be in a form that does not overload the decision maker. Risk management failures can occur for many reasons. Poor analysis is a common cause. Another is a weak decision process that has not been designed to compare risks and assess them

to determine priorities, budgets and resources required to implement necessary mitigating measures. A third cause is when decisions are not implemented in the timeframe necessary to have the desired effect on the identified risk. Importantly, and often forgotten, risks can and do change, sometimes rapidly. Sometimes the organisation will change its goals, which in turn can change the risk ‘appetite’ or alter the resilience of the organisation. The organisation’s risk policy statement should be clear about the objectives of the risk management framework and the processes that are required. Risk is a simple concept, but managing risk is a juggling act that requires good analysis and exceptional corporate governance. The more issues that are being juggled, the more complex risk management becomes. The greater the complexity, the greater the undesirable uncertainty and the harder it becomes to make an informed decision. It is possible for a security professional to correctly predict a security disaster but, for all sorts of reasons, the organisation fails to act in time. Achieving highly reliable risk management operations requires professional levels of knowledge, skilful analysis, excellent corporate governance and the agility to respond to changing threats and opportunities in the business environment.

Dr Kevin J. Foster is the managing director of Foster Risk Management Pty Ltd, an Australian company that provides independent research aimed at finding better ways to manage risk for security and public safety, and improving our understanding of emerging threats from ‘intelligent’ technologies.

AME System produces its customisable ActivConsole range of electric height adjustable and fixed height control room consoles from their local design studio and manufacturing facility in southeast Melbourne, Australia. The ActivConsole range has revolutionised control rooms throughout Australia and worldwide, introducing state-of-the-art ergonomic technology into a 24/7 monitoring environment. Able to be customised to suit any application, the ActivConsole plays

a vital part in keeping your workplace and employees healthy and productive. By utilising new modern production methods and combining them with high quality materials and finishes, the ActivConsole range continues to adapt to new technologies and trends, ensuring unparalleled versitility and flexibility in every design. Customising ergonomic solutions for over 20 years, we continually ensure safety and quality for a whole new generation of operators. Contact us now for a tailored solution.

SECURITY SOLUTIONS 027

REGULAR

COMMUNICATIONS Your Future Is Between Portfolios By Rod Cowan Compared to the headline-hogging threats of identity theft, cyberattacks and digital Armageddon, the dark underbelly of digital communications receives scant attention from security managers. Talk to them, for example, about social media – the source of an array of threats, not least of which is information leakage through people over-sharing – and one will likely be told, “Oh, that is the communications department.” The communications department sends the person to IT, who quickly suggests it is security that needs to address the issue. Welcome to the space between portfolios; a space rich with possibilities for security managers with an eye to the future. The fact is, human factors, not necessarily technology, are often the problem. Passing the buck to IT or communications is akin to saying an organisation’s locksmith or signage company is responsible for access control. They may be integral elements, but they are not responsible. Indeed, the jury is out – quite literally in some cases – as to who is practically, ethically and legally accountable. In the meantime, security managers are ideally placed to make a call and take the lead. Five key elements make for good starting points: Develop a level of media literacy. Understand how the media operates, what the nexus is between social media and mainstream media, and how to interpret events

028 SECURITY SOLUTIONS

as they unfold. There is no need for lengthy courses – the necessary information can usually be covered in a matter of hours. Get to know social media tools. They may cause problems, but they can also be handy, especially during a major event. More importantly, in doing so, security managers can add credible voices to the insanity of the online milieu. Look through the lens of ‘meme warfare’. Learn how ideas spread between people and influence attitudes and behaviour, not only from a threat perspective but also how security could use similar tactics. Activists such as Occupy Wall Street, Anonymous and Ad Busters have published plenty of material on this subject – ironically, all freely available on the Web. Master using security-minded communications. The UK’s Centre for the Protection of National Infrastructure (CPNI) has done excellent work on using communications as a crime prevention and counterterrorism tool, not only encouraging people to think about information leakage, but also how to embed messages in communications to discourage potential attackers. Recognise that continuing to fight networks with bureaucracies is the road to failure. Security needs to learn from the bad guys how to effectively build their own networks and enable people to work together. The Federal AttorneyGeneral’s Trusted Information Sharing Network

2 3

has a vital role to play here, but can and must do more. If security managers get their collective heads around these issues and understand how digital communications operate on a human level, they can build a solid platform on which to build security capabilities, not least of which is the ability to tap into the enormous possibilities of open-source intelligence, as well as employee and citizen participation. Currently, security is a long way from that. In The Second Curve, Charles Handy points out the “darker side of the info sphere” can facilitate “conspiracy and assembly, lawful or not. Cyberbullying, sexting and trolling were all new words a few years ago, signalling new dangers. One suspects that any attempt to control the perpetrators will be in vain. They will always be one step ahead.” Getting ahead demands balancing trust and outcome with control and process – and moving from being a security manager to becoming a security leader.

Rod Cowan is a Contributing Editor to Security Solutions Magazine. He can be contacted via email mail@rodcowan.net

KeyWatcher is a reliable and extremely easy to use electronic key management system, designed to prevent mismanaged, misplaced, or stolen keys. KeyWatcher eliminates outdated metal boxes, unreliable manual logs and messy key identification tags utilising a computerised storage cabinet. The system releases keys only to the individuals with correct authorisation, recording each user transaction and providing total system accountability.

KEYWATCHER SYSTEM OFFERS to 14,400 keys and 10,000 user per site l “Site” concept uses a common database l Numerous high level interfaces for access control, contractor management and vehicle fleet systems l Longer user IDs can be up to any 6 digits, plus a 4 digit PIN l Bright 7” full colour, touch screen l “Key Anywhere” allows keys to be returned to any KeyWatcher Touch within a site l On-screen guides for users, along with voice commands l Up

Available in Australia through: AST Pty Ltd T: +61 2 8020 5555 | M: +61 417 089 608 | F: +61 2 9624 7194 E: di@astpl.com.au | www.astpl.com.au

SECURITY SOLUTIONS 029

REGULAR

LEGAL Work-related Violence And Litigation By Dr Tony Zalewski Work-related violence involves aggressive behaviours often evidenced through abuse, threats, intimidation and physical attack. Regular media reporting highlights the ‘coward punch’ and incidents of violence in and around the workplace that all too often end in litigation. What is not reported is the alarming statistics associated with violence across society and what should be done to minimise risks associated with violence and hence litigation. In the context of this article, the risks faced by employers, business operators, security advisers and persons responsible for work systems are equally shared whether the victim is a worker, client or visitor. Clearly, some business operations are at a higher risk, especially where there are public-facing environments or valuables including cash. The key to a successful action by a plaintiff is proving, on the balance of probabilities, that a duty owed was breached. Put simply, a duty of care is a legal obligation imposed that requires adherence to a standard of reasonable care that could foreseeably harm others, that is, taking positive action to warn, prepare and safeguard those in and around a workplace against the risk of violence. There are a plethora of materials freely available online that can be used as a guide to minimising violence risks, such as the Victorian WorkCover Authority’s employer guide Preventing and responding to work-related violence (2014) and Safe Work Australia’s fact sheet Preventing Psychological Injury Under Work Health and Safety Laws (2014). The materials identify the importance of a risk assessment within the context of work to minimise reasonably foreseeable security-related risks. An appropriate risk assessment typically results in the identification

030 SECURITY SOLUTIONS

of a number of security and safety risks that are then treated through the introduction of physical, personnel and procedural measures to minimise those risks. This is most evident in approaches to risk minimisation in workplace health and safety through three simple steps: (1) find the hazards, (2) assess the risks and (3) fix the problems by introducing suitable controls. Risks associated with workplace violence are best minimised and managed through careful planning for the particular work environment. This approach ensures employers and their workers are able to take precautions by addressing five key areas for protective security in the context of work: Consider the local environment and its specific risks. This should include an understanding of criminal activity, such as types and frequency of reported crime, whether there is an ability to connect eyes through natural surveillance and openness, times and places staff may be isolated in and around the workplace, and the general level of public and staff activity to overcome isolation, such as moving to and from a car park or public transport hub. Assess the workplace design to ensure it is relatively safe by introducing access controls, removing or securing dual-purpose weapons that could be picked up and thrown, placement of reception or public-facing staff in areas that can be quickly supported by other staff if required, and the like. Review staff competence, especially those involved in public-facing activity, such as dealing directly with clients or members of the public, to ensure they are suitably aware of their safe and vulnerable areas within their local environment, have a reasonable level of security and safety awareness, and understand

2 3

their expected responses to actual or potential incidents, including escalating aggression through induction and training. Install physical security measures that create ‘protective zones’, such as barriers to segregate staff from others if required, electronically controlled doors, duress technology that alerts guardians both within and outside of the organisation, and CCTV cameras with suitable warning signs. Ensure protocols are developed and operationalised to assist in guiding staff in terms of proactive and reactive measures. Such protocols should include step-by-step instructions when an escalating incident arises so that staff understand best practice responses whether in their workplace or in the field. Personnel who work in any public-facing environment such as healthcare and law enforcement receive regular workplace violence training based upon a perception of risk. Commonly, their workplaces are also assessed, protocols developed and physical solutions introduced for current and emerging risks. It is essential that this common risk is formally addressed in an ongoing way to enhance workplace security and safety. This assists in avoiding litigious actions that are both time consuming and a distraction to normal business operations. Dr Tony Zalewski is a Director of Global Public Safety and a forensic security specialist with qualifications in law, criminology and the social sciences. He provides advice and training to governments and the private sector in Australia and abroad on matters relating to operational risk, security and safety. He is also an expert with practical experience in some of Australia’s leading civil actions involving security and safety.

4 5

GIVING HOTEL GUESTS SECURE ACCESS AND THE ULTIMATE IN-ROOM EXPERIENCE

• Battery Operated

• Offline & Online

• Laptop Compatible

• Battery Operated

• Full Audit Trial Available

• RFID & BLE Compatible

• Over Ride Device Available

• Different Styles Available

RELIABILTY IS THE KEYSECURITY+61SOLUTIONS 2 9472 2000 031

www.vintech.com.au

REGULAR

THINKING ABOUT

SECURITY

Explaining Security By Don Williams

Sometimes it can be hard to explain security to other managers; certainly it is about preventing theft and stopping some crazy person from entering the site and shooting all the workers. But, other managers know that security cannot be too challenging because the bottom line services are provided by people who hold only a Certificate II qualification and are the lowest paid in the building. Security personnel are seen as those annoying pedants who complain about people having lost their passes, or leave rude notes when files were not locked away or tools or drawings were left out overnight; as if anyone cares. The manager responsible for security, whether it be a full-time or part-time position, rarely sits very high in the organisational hierarchy and, to be honest, what is there to do? The preconceived impression of security as the provision of ‘guards, guns and gates, to prevent theft’ can be difficult to overcome. So, what is the story that the security manager can sell? A key message is that security is a management discipline with its own body of knowledge, research and literature. Security is about protection, but it is about protecting the business – all of it. The business has assets that are valuable either

in dollar terms or in support of the operations, often described as people, information, equipment and reputation (PIER), with the dollars being either ‘information’ for digital transactions or ‘equipment’ for hard currency. As well as the assets of the business, there are also the functions – what the business does as opposed to what it has. To protect these functions, the security manager must understand the nature of the business, the drivers, the key components and the critical features. It is the job of security to put the barriers and processes in place that will try to deter the villains, to detect if they are doing or have done something and to initiate the appropriate response. The security manager has to work with the other managers so they all understand the critical elements and vulnerabilities and how the business can be protected. The security manager is primarily worried about deliberate human action, while others will be concerned with weather events, lack of maintenance, metal fatigue, poor training, inadequate supervision and human stupidity. The security manager will look

The preconceived impression of security as the provision of ‘guards, guns and gates, to prevent theft’ can be difficult to overcome.

032 SECURITY SOLUTIONS

at how someone could deliberately circumvent existing controls and procedures to injure the business by taking or damaging the assets or by disrupting the functions. The ‘protective’ security manager is not divorced from the IT security manager, as the hardware, functions and physical environment in which the IT systems operate all require protection from deliberate human actions. The fourth asset mentioned was reputation and this is where security can excel. If security measures appropriate to the operations, assets and the image of the company are in place and there is confidence that the security will withstand scrutiny after an incident, then the company is largely protected. The security manager should consider how the emergency, media, business continuity plan and other plans will work together to protect the business during an incident. Such measures will also protect the reputations of the owners, stakeholders and related parties. Without security, the business is exposed to more than petty theft, vandalism and the threat of an active shooter. It can be explained that security at its most fundamental means ‘free from concern’. Without a dedicated, professional and resourced security manager, the business should be concerned. Don Williams CPP RSecP ASecM is a recognised thought leader in the field of security management. He is a member of relevant security and engineering professional associations and often sits on their committees. Don can be contacted via email donwilliams@dswconsulting.com.au

CELEBRATING

13 0 2 3 1 99

YEARS OF OPERATION Ezi Security Systems

Find out more about us!

www.ezisecurity.com.au

SECURITY SOLUTIONS 033 1300 558 304

REGULAR

EVENTS Total Facilities 6–7 April 2016 Melbourne Convention and Exhibition Centre, Melbourne Returning to Melbourne with an exciting new proposition, Total Facilities now unites both facilities and workplace professionals in the ultimate industry destination for the built and work environment. Held annually between Sydney and Melbourne, it’s Australia’s largest learning and networking event for facilities and workplace management professions seeking solutions for creating more efficient, sustainable and productive facilities and workplaces. Total Facilities is comprehensive and efficient in its delivery and provides real solutions to everyday operational challenges by connecting buyers and sellers to source innovation, debate current issues, share insights and create opportunities for an invaluable community of professionals. Our vision We champion professionals who support the built and work environment with a sense of belonging and advocacy – the unsung heroes and behind the scenes forces. They aim to evolve and grow their offer year on year to: • bring new and leading solutions in operational efficiency to the market

034 SECURITY SOLUTIONS

• deliver forefront trends for running more sustainable facilities and workplaces • foster a community of multidisciplinary professions to have a voice and achieve recognition • redefine the future of the industry and challenge traditional perceptions of facility management. For more information visit: www.totalfacilities.com.au

ISC West 6–8 April 2016 Sands Expo Centre, Las Vegas ISC West is THE largest security industry trade show in the U.S. At ISC West you will have the chance to meet with technical reps from 1,000+ exhibitors and brands in the security industry and network with over 28,000 security professionals. Find out about new and future products and stay ahead of the competition. Encompassing everything from access control to Facial Recognition software, you are sure to find products and services that will benefit your

company and clients. This year don’t miss our new IT Pavilion featuring the latest cyber security solutions. Working with SIA, ISC also features world class education to learn about every facet of the security industry. For more info on SIA Education@ISC visit: www.iscwest.com

AusCERT2016: Ubiquitous 23–27 May 2016 Surfers Paradise Marriott, Gold Coast AusCERT is hosting AusCERT2016, the 15th annual AusCERT Information Security Conference. As society increasingly moves towards ubiquitous computing and the Internet of Things, the innovations and benefits for society, health and wellbeing are profound and exciting. We are seeing innovation in sensors and data analytics, context aware systems, wearable devices, drones and robotics, and machines and critical systems that have not previously been accessible remotely now being connected.

SECURITYEXPO.COM.AU | 03 9261 4500 | SECURITYEXPO@DIVCOM.NET.AU SECURITY SOLUTIONS 035

REGULAR

EVENTS Advances in medical science using embedded medical devices that can prolong life, restore hearing and allow the visually impaired to ‘see’ through machines are some remarkable examples of ubiquitous computing. However, ubiquitous systems also create challenges and risks for everyone and everything. The interconnectivity of devices and systems; the ability for them to be remotely accessed or controlled; and the ability for them to be exploited and misused can have adverse consequences for individuals and societies that were not intended by their designers. The information security community must address and respond to these challenges and risks while nurturing the innovations that benefit society and individual wellbeing. Come to AusCERT2016 to hear a great line up of talented speakers discuss and explore the security challenges and risks associated with ubiquitous computing, and network with your peers. Visit conference.auscert.org.au for more information.

Biometrics Institute Asia-Pacific Conference 2016 25–26 May 2016 Dockside, Sydney The Biometrics Institute is delighted to announce the dates of their annual event for 2016. If you are interested in sponsorship or speaking opportunities, please email: steven@biometricsinstitute.org

036 SECURITY SOLUTIONS

CIVSEC 2016 31 May – 2 June 2016 Melbourne Convention and Exhibition Centre, Melbourne CIVSEC 2016 is an international forum dealing with the acutely relevant and inextricably interconnected imperatives of civil security and civil defence in the preservation of sovereignty, the protection of people and the safety of communities. It confronts the complex and increasingly interdependent challenges of the control of borders, the maintenance of law and order, the prevention of terrorism, the defence against threats to society, the protection of people and communities, the security of infrastructure and resources, the provision of emergency services, the response to disasters, the coordination of relief and the management of crises. Comprising a congress of specialist conferences and an associated exposition of equipment, technology and services, CIVSEC 2016 will bring together leaders and decision makers, policy makers and advisers, managers and officials, operational professionals, technical specialists, strategists and academics, researchers and consultants, technology developers and industry suppliers. While focusing on the Indo-Asia-Pacific region, CIVSEC 2016 will address issues of global significance. From the Indo-Asia-Pacific to Africa and the Middle-East, from Europe to the Americas, the world faces similar challenges with respect to the preservation of sovereignty and the protection of people. The peace,

prosperity, safety and cohesion of societies and communities everywhere are threatened by natural disasters and emergencies, by human catastrophe and civil disorder, by criminal activity and terrorism and by the movement of distressed populations across porous frontiers. The key players who respond to these challenges are diverse: governments and non-government organisations, aid agencies and emergency first responders, police and paramilitary law enforcers, national armed forces, immigration and customs authorities, border protection agencies and specialists in the law, medicine, infrastructure, civil affairs and search and rescue. Visit www.civsec.com.au for more information.

Security Exhibition & Conference 2016 20–22 July 2016 Melbourne Exhibition Centre, Melbourne As an industry you have spoken and your event is returning to Melbourne in 2016! The Security Exhibition & Conference will return to Melbourne again in 2016 following another outstanding event last year. Having held the Security Exhibition & Conference in Sydney for 12 consecutive years, it’s great to remain in Melbourne to consolidate relationships and to nurture business in this market. For more information visit securityexpo.com.au

038

Behavioural Economics As A Tool For Enterprise Security

039

By Alex Webling

Has anyone ever wondered why on their electricity bill there is a representation of their household’s usage against the average two-, three- or four-person household telling them whether they are over or under? How does it make people feel? The term behavioural economics has been around for maybe two decades. The marketing profession has been using the techniques it describes for even longer to get consumers to buy their brand. However, the use of behavioural economics as a tool for enterprise security is just emerging. It is time for security professionals to start using these techniques to help protect organisations and not just to influence people to buy a particular soap, car, or follow a sporting code. What is Behavioural Economics? Behavioural economics looks at the relationship between the decisions that people make and the psychological and social factors that influence them. A significant amount of study in this area has been on people’s economic decisions, but the tools and techniques that have been tested can be applied in many other contexts. Daniel Kahneman and his late research partner, Amos Tversky, are the two research psychologists most associated with behavioural economics. In 2002, Kahneman shared the Swedish Banker’s Prize in Economic Sciences in Memory of Alfred Nobel for this work. Kahneman’s 2011 book Thinking Fast and Slow explains many of the concepts in accessible terms. Kahneman and Tversky built on earlier studies that cut down an idea that now sounds quaint – the idea that humans act entirely rationally at the population or large group level. Even so, this idea was at the heart of much classical economic thinking. At first, this may not seem to entirely relate to enterprise security. However, if one considers that the premise of behavioural economics is that people do not always make decisions that are entirely rational, they would probably see the connection. In addition, the idea that small (and sometimes even intangible) incentives and disincentives can be used to guide individual actions on a large scale is also

040

very important. It is this second aspect which is of greatest use to the enterprise security practitioner. Behaviour is at the heart of enterprise security, because people are an organisation’s greatest asset and often also its greatest risk. At its simplest, the key aim of good enterprise security is ensuring that individuals are encouraged to make the right decisions that benefit their organisation. Behavioural economics works by assuming that, in many cases, people making the ‘wrong’ decision within an organisation do so because they have imperfect information or lack the right incentives or disincentives. Psychologists have also found that people often exhibit a strong inclination to conform to social norms. The social norms change with the social groups that they participate in. Essentially, people often do things because their friends, colleagues or those they admire do. Friends and colleagues provide them with informational social influence or social proof. In plain English, people like to follow their herd and ‘keep up with the Joneses’. Curiously though, people seem to struggle more with changing their minds than coming to a decision in the first place. The idea that people change their minds when the facts change is a bit tricky for many. Associated with this curious aspect, researchers from Harvard Business School have claimed that people tend to think they are more moral than they actually are and inhabit an “ethical mirage”. This can mean there is a disconnect between how they describe their decisions and how they actually behave. If one accepts this somewhat unflattering portrait of human behaviour, it means that people tend to take a position that justifies their actions, whatever they were, once they have made a decision. And they want more justification to change their minds than they needed to come to the decision in the first place! But what if it is possible to get people to make the ‘right’ decision in the first place? Then they would not have to justify wrong decisions. This is where the research findings of behavioural economics are tested at an organisational and national scale.

Behavioural economics concepts are being applied at the public policy level by governments wanting to encourage certain behaviour without going to the expense of legislating compliance. It is expensive to make something illegal. Sometimes, it is absolutely necessary (murder, for example), but the society has to create enforcement systems and pay the enforcers; but who watches the watchers? Some enlightened government agencies are dabbling with the use of behavioural economics to achieve high levels of compliance. In the UK and lately also in Australia, tax authorities have been attempting to use behavioural economics techniques. So-called nudge units have been set up to coax people to do their taxes by using social proof methods. Informing taxpayers who are late paying that “90 percent of people pay their taxes on time” increases the rate of taxpayer compliance. This achieves the policy objective of getting timely tax payments, but does it in a way that will not generate negative headlines. This, in turn, allows the tax agency to focus on individuals who are intentionally breaking the law, rather than doing so because life got in the way. Another recent example has been the introduction of the No Jab, No Pay policy by the Australian Government, where parents do not get all of their family tax benefits unless they are willing to vaccinate their children. Rather than making it illegal for children to remain unvaccinated, the government has incentivised parents to vaccinate. This, added to significant social pressure from almost all of the medical community, means that Australia’s childhood vaccination rates are generally very high and fewer distressing pictures of children with whooping cough around the country are seen. One interesting way that companies are using social proof is in encouraging households to save water and electricity. Increasingly, utility bills show householders where they stand in comparison to their suburb in terms of water or electricity use. Householders can then consider whether they want to moderate their behaviour. Marketing firms use many behavioural

ELVOX PIXEL Video Door Entry Systems Stylish and ultra-thin, the Pixel and Pixel Heavy is the latest innovation in Video Door Entry Panels from Elvox. Pixel is available in Module panels or a Digital panel. Ideal for large apartment blocks, with capacity of up to 6,400 units. Its elegant, versatile yet tough. Intuitive functionality and easy to install.

SECURITY SOLUTIONS 041

economics techniques to encourage consumers to use particular products. Many people take advantage of airline frequent flyer programs that give rewards for the flights taken by members. The extremely successful travel website TripAdvisor awards points to its website users for the travel reviews that they produce. However, TripAdvisor points have absolutely no dollar value. They are valuable only to users in terms of social proof to that community that a member is a well-seasoned traveller. The majority of social media operates in a similar way. Why should enterprise security professionals consider using behavioural economics in their organisation? It is expensive and time consuming to maintain rules for the increasingly complex environment that organisations operate in. Rules are difficult to write well and often only work in limited circumstances. The more detail, the more exceptions need to be built in. Quite often, rules also create a culture where individuals only follow the letter, not the spirit of the rules. This can contribute to the creation of a workplace that is not adaptable and where security is blamed for the problems of the organisation. This can lead to situations where workers sometimes choose to circumvent organisational rules in order to achieve local goals. A worker might shortcut a process to ensure that his team is able to complete it faster. The individual might rationalise this as being good for the company in that the job is completed faster and good for himself in that he can go home earlier. However, the decision that he has rationally come to might be the ‘wrong’ decision from the perspective of the organisation. The shortcuts that have been introduced may decrease organisational security. How do organisations change this? By changing the decision-equation the worker takes when he or she makes that decision. This is very much the place of behavioural economics in enterprise security. Organisational messaging that demonstrates the social norms of the organisation from a security perspective is vital. So too are tools and procedures which endeavour, where possible, to make the secure decision the easiest one to make. In many ways, the decision is very much linked to the security culture – the customs and practices – of the organisation.

042

Behaviour is at the heart of enterprise security, because people are an organisation’s greatest asset and often also its greatest risk.

Organisations are increasingly moving to principles- and risk-based frameworks in many areas, including security, because they find the sheer complexity of business otherwise overwhelming. This was one of the main drivers for the creation of the Australian Government’s Protective Security Policy Framework (PSPF). The PSPF tries to get government agencies to focus on their security outcomes, rather than on process. One financial institution has used behavioural economics to give nudges to staff regarding personnel security. In one case, to improve their reporting of change of circumstances, the organisation gave staff the simple message, “Most people in our organisation report their change of personal circumstances within four weeks.” In the government space, there has been debate about whether it is possible to create an ‘information classification market’ which balances the need to classify information appropriately against the costs to organisations of over-classification in terms of long-term storage and devaluation of security markings. Such a market could work by incentivising managers to ensure that staff were classifying

information as accurately as possible. As always, the trick would be to ensure that the incentives match the risk profile of the organisation. Enterprise security professionals should be asking where they can apply these behavioural economics techniques in their organisations. The possibilities are varied and many and every organisation is different – so are the opportunities for using these techniques to improve enterprise security.

Alex Webling BSc, BA (Hons), Gdip Comms, GdipEd, ZOP, AARPI has been the Director of Resilience Outcomes Pty Ltd since 2012. Resilience Outcomes is a consultancy specialising in organisational strategy and resilience, identity, privacy and information security. Alex is also the current Deputy Chair of Security Professionals Australasia, a member of the Standards Australia Board on Security and a Director of the International Association of Privacy Professionals (A/NZ). He is a registered security professional in the area of enterprise security. Alex can be contacted via email services@resilienceoutcomes.com

IS NOW

proudly distributed by

Discover the COOL Experience with United VMS 7.0

Cyber-defended

Open solutions

IP-mmune Cyber Defense Suite protects customer data and assets

ONVIF ProďŹ le S support gives you freedom of choice

qsecuritysystems.com.au

Optimized streaming

Leading user experience

Adaptive streaming optimizes display resolution and bit-rate

EZ Client web interface provides sleek, intuitive experience

ďŹ&#x201A;ir.com.au

dvtel.com.au

VIC 03 9676 7000 | SA 08 8210 4900 WA 08 9207 6900 | NSW 02 8833 6500 QLD 07 3630 0813SOLUTIONS 043 SECURITY

ALARMS

044 SECURITY SOLUTIONS

Property Services And Security In The Age Of Connected Buildings By Rodney Timm

Facilities and security management of the built environment has been ‘dumbed-down’, driven by cost-saving initiatives. Dedicated on-site janitors, security personnel and building engineers have become a rarity, with services outsourced on the back of the promise of better outcomes at lower costs. But the offers of centralised expertise and service delivery have been compromised because of ever lower service pricing driven by a grab for market share. Onsite qualified specialists who were initially replaced by off-site specialists have now been replaced by generalist facilities personnel responsible for all services. The dedication and focus of specialists who understood the ‘heartbeat’ of the building has disappeared. Regular site visits, security and services diagnostics are no longer the norm, occurring sporadically and reactively only when incidents and service interruptions occur. However, now in the era of smart buildings, connected with emerging analytical technologies via the Internet of Things, the facilities and security management industry has the opportunity to regain credibility, empowered by 24/7 remote monitoring of building control and service performance via big data diagnostics and remote professional specialists. Smart Buildings Electronic monitoring and management of buildings has been part of the conversation since the early 1980s. This was limited

to having compatible multi-functions – heating, ventilation and air conditioning (HVAC), security and electrical – being monitored and managed through centralised control panels. These displays, usually in proximity to the janitor’s desk, with flickering lights and dials, were impressive, but only provided limit systems intelligence. However, as technologies have evolved and been extended, smart buildings have emerged with significantly increased intelligence. The advent of remote monitoring that links electronic incident recording, fault detection, performance measurement and energy efficiency, all made ubiquitous through the Internet, has led to the emergence of smart buildings. The key element is how these multi-functional building systems are integrated, interrogated and linked into the business systems. The diagnostics of the data captured is then used to understand the changes required to the systems and controls to meet the occupiers’ needs. Internet of Things The Internet of Things is the catalyst that will empower property managers to take specialist skills back to buildings on a cost-effective basis. Having detectors and sensors integrated into building elements and equipment, monitoring performance across a range of components and being connected via the Internet to a processing centre, is likely to be the future of the

profession. Continual monitoring and detailed diagnostics, using specialist frameworks to identify security and operational issues, will provide the insights to enable decisions to be made sooner, with the right actions at the right time. Using this approach, rather than scheduled maintenance and routine patrols in rolling programs, embedded sensors will monitor actual performance and incidents, signalling the required just-in-time service. Service signals may result from incidents, operating equipment usage or identification of systemic drops in performance standards. Replacement parts can be pre-ordered and repairs done during planned down time, resulting in cost savings, minimised service down time and improved operational reliance. In smart buildings, automated security systems covering safety, access control and lighting system management can also be interfaced with the building management systems to provide a holistic perspective. Fault detection systems can be implemented and automated to alarm when components fail to achieve the desired or required energy, security, safety or economic performance. Using this approach, systems will anticipate the building servicing and security needs within set parameters and establish the appropriate workplace, security and service regime. The aim of the approach will be to improve the service outcomes aligned to the occupiers’ requirements, with enhanced

SECURITY SOLUTIONS 045

ALARMS

service performance, appropriate security, greater reliability, less down time and more cost-effective management. Big Data The capacity to capture and analyse the data generated from embedded service and security sensors is the platform required to enable the implementation of this approach. Having the processing power to rapidly run intelligent diagnostics of the data using efficiency algorithms based on past performance is essential. The analytical focus will be structured to focus on identifying trends, patterns and anomalies that require changes in operational and security approaches to achieve improved control and performance to achieve cost reductions. This visualisation of monitoring systems, managing clusters of equipment as an ecosystem and sharing information seamlessly to facilitate benchmark settings, will significantly enhance how the equipment and devices are operated. Using a systems thinking approach, potential problems are considered within the overall building system and provide solutions supporting the outcomes, avoiding unintended consequences. Property managers of the future will have an array of devices and monitors linked to components and equipment all connected and feeding data into analytical processes to undertake performance diagnostics. Opportunities The opportunities for property and security management services aligned to smart building thinking are broad. Access control systems with electronic key cards, controllers, readers and encrypted software that create and manage secure identities will enable comprehensive security across entire sites and portfolios. The personnel and visitor management systems, once integrated into the building automation system, will provide real-time control of the site designed to integrate with the building performance needs. Effective management of the

046 SECURITY SOLUTIONS

consumption and other building efficiency measures will be measured, diagnosed and controlled. In bygone eras, this performance was managed by the on-site security, janitors and building engineers, albeit with less sophisticated equipment, but with an intense understanding of how to manually â&#x20AC;&#x2DC;tuneâ&#x20AC;&#x2122; the building to meet the performance needs.

The advent of remote monitoring that links electronic incident recording, fault detection, performance measurement and energy efficiency, all made ubiquitous through the Internet, has led to the emergence of smart buildings.

environmental impact of buildings will be made possible through real-time efficient use of energy. Using big data analysis, measurable energy targets such as energy use intensity (which expresses normalised building energy consumption based on floor area) is determinable. In addition, the reliability and quality of power can be monitored and analysed by capturing and analysing waveforms in the control system displays. Occupier comfort outputs such as space utilisation, indoor air quality, daylight measurement, acoustic levels, water

Challenges Implementing smart building approaches will have challenges. Plans need to be appropriate to maintain currency with emerging technologies and the right balance of data â&#x20AC;&#x201C; not too much or too little. In the interim, maintaining ageing infrastructure by merging legacy building and control systems with new facility installations will also be a challenge. Existing outsourced facilities management contracts using generic service approaches may prove problematic until they terminate if collaborative relationships are not entrenched into the service contracts. As is often the case, preparing the financial business case to undertake the retrofits, building management and security systems upgrades and the installation of sensors to move to a smart building approach is complex. The financial benefits based on future value propositions of enhanced reliability and security control, improved working environments and the appropriate allocation of maintenance expenditure are difficult to quantify. Establishing the optimal connected buildings using the Internet of Things and big data smart analytics will need vision and commitment. Rodney Timm is the Director Property Beyond Pty Ltd. Rodney has been involved in the real estate and construction industries for over 30 years. He has had extensive experience in portfolio, property and facilities management, agency, valuation and development, and he has provided advice to fund managers, government agencies and the corporate real estate sector.

SECURITY SOLUTIONS 047

048

Trauma Management Cause And Effect Of Officer Response Options By Richard Kay In a violent confrontation, there is a high possibility that using force to control a resistive subject may cause physical trauma. Whilst the aim is harm minimisation, this may be unavoidable under the circumstances. Response options are chosen by evaluating control versus injury, where the need to gain control is weighed against the possibility of causing (or sustaining) injury. The aim here is to outline common types of blunt force trauma and relate these to possible causes resulting from a use of force via officer response to a resistive subject. It should be viewed in conjunction with lawful principles of situation assessment, force evaluation and duty of care. An aspect of duty of care includes providing aftercare to injured people and, as such, officers should maintain competency in first aid procedures in addition to use of force procedures. Blunt force trauma relates to physical trauma caused to a body part, either by impact, injury or physical attack; specifically, the precursory trauma from which there is further development of more specific types of trauma, such as contusions, abrasions, lacerations and/or bone fracturing. A wound is a type of physical trauma where the skin is torn, cut or punctured (open), or where blunt force trauma causes a contusion (closed). In pathology, it specifically refers to a sharp injury which damages the dermis of the skin.

Before any medical/paramedical evaluation, a wound is considered as minor when it is superficial (‘flesh wound’), it is away from natural orifices, there is only minor bleeding or it was not caused by a tool or an animal. Any other wound should be considered as severe. If there is any doubt, a wound should be considered as severe. This does not necessarily mean it endangers life, but should at least be seen by a physician. In the case of severe open wounds, there is a risk of blood loss (which could lead to shock) and an increased chance of infection due to bacteria entering a wound that is exposed to air. Due to the risk of infection, wounds should be kept clean and closed if possible until professional help is available. Depending on their severity, closed wounds can be just as dangerous as open wounds. An injury to the brain such as a contusion is an extremely dire closed wound and requires emergency medical attention. Bleeding (haemorrhage) is the loss of blood from the circulatory system. Bleeding can occur internally, where blood leaks from blood vessels inside the body, or externally, either through a natural opening such as the mouth or rectum, or through a break in the skin. Desanguination is a massive blood loss, whilst complete loss of blood is referred to as exsanguination. Loss of 10–15 percent of total blood volume can be endured without clinical sequelae in a healthy person (blood donation

049

typically takes 8–10 percent) of the donor’s blood volume). Bleeding generally becomes dangerous, or even fatal, when it causes hypovolemia (low blood volume) or hypotension (low blood pressure). In these scenarios, various mechanisms come into play to maintain the body’s homeostasis. Bleeding is broken down into four classes: • Class 1 involves loss of up to 15 percent of blood volume. There is typically no change in vital signs. Volume resuscitation is not typically required. • Class 2 involves loss of 15–30 percent of total blood volume. A patient is often tachycardic (rapid heartbeat) with a narrowing of the difference between the systolic and diastolic blood pressures. The body attempts to compensate with peripheral vasoconstriction. Skin may start to look pale and be cool to the touch. The patient might start acting differently. Volume resuscitation is all that is typically required. Blood transfusion is not typically required. • Class 3 involves loss of 30–40 percent of circulating blood volume. The patient’s blood pressure drops, the heart rate increases, peripheral perfusion (such as capillary refill) worsens, and the mental status worsens. Fluid resuscitation and blood transfusion are usually necessary. • Class 4 involves loss of more than 40 percent of circulating blood volume. The limit of the body’s compensation is reached and aggressive resuscitation is required to prevent death.

impact to soft tissue overlying hard tissue or tearing. • Incision – a clean ‘surgical’ wound, caused by a sharp object such as a knife. • Puncture wound – caused by an object, such as a knife, penetrating the skin and underlying layers. • Contusion (bruise) – caused by a blunt trauma damaging tissue under the surface of the skin. • Gunshot wounds – caused by a projectile weapon; this may include two external wounds (entry/exit) and a contiguous wound between them.

Individuals in excellent physical and cardiovascular shape may have more effective compensatory mechanisms before experiencing cardiovascular collapse. These patients may look deceptively stable, with minimal derangements in vital signs, while having poor peripheral perfusion (shock).

The pattern of injury, evaluation and treatment will vary with the mechanism of the injury. Blunt trauma causes injury via a shock effect, delivering energy over an area. Wounds are often not straight, and unbroken skin may hide significant injury. Penetrating trauma follows the course of the injurious device. As the energy is applied in a more focused fashion, it requires less energy to cause significant injury. Any body organ, including bones and the brain, can be injured and bleed. Bleeding may not be readily apparent; internal organs such as the liver, kidney and spleen may bleed into the abdominal cavity. The only apparent signs may come with blood loss. Bleeding from a bodily orifice, such as the rectum, nose or ears, may signal internal bleeding, but cannot be relied upon. A bruise (also called a contusion) is a kind of injury to tissue in which the capillaries are damaged, allowing blood to seep into the surrounding tissue. It is usually caused by blunt impact. Bruises often induce pain, but are not normally dangerous. Sometimes, bruises can lead to other more life-threatening forms of haematoma, or can be associated with serious injuries, including fractures and internal bleeding. Minor bruises are easily recognised by their characteristic blue or purple colour in the

Traumatic bleeding is caused by some types of injury, including the following wounds: • Abrasion (graze) – caused by transverse action of a foreign object against the skin; it usually does not penetrate below the epidermis. • Excoriation – caused by mechanical destruction of the skin, although it usually has an underlying medical cause (in common with abrasion). • Laceration – irregular wound caused by blunt

days following the injury. The extent of bruising depends on many factors. The state of the tissue when injured (contracted versus relaxed muscles) can make a large difference, as can the effect of being crushed against underlying bone. People also vary in the sturdiness of their capillaries – some people bruise more easily than others. Colours are a way to determine the severity of a bruise – minor (light blue/light purple), somewhat severe (light-purple/blue),

050

severe (yellow), very severe (dark purple/black). An abrasion is superficial damage to the skin, generally not deeper than the epidermis. It is more superficial than an excoriation, although it can give mild bleeding. Mild abrasions, also known as grazes, do not scar, but deep abrasions may lead to the development of scar tissue. Most commonly, abrasion injuries occur when exposed skin comes into moving contact with a rough surface, causing trauma to the upper layers of the epidermis. A fracture is a bone break and is classified as closed or open and simple or multi-fragmentary: • Closed fractures are those in which the skin is intact, while open (compound) fractures involve wounds with the fracture that may expose bone to contamination and carry an elevated risk of infection. • Simple fractures occur along one line, splitting the bone into two pieces, while multi-fragmentary fractures involve the bone splitting into multiple pieces. A simple, closed fracture is much easier to treat than an open, contaminated fracture.

Response options are chosen by evaluating control versus injury, where the need to gain control is weighed against the possibility of causing (or sustaining) injury. Other types of fracture are: • Complete – bone fragments separate completely • Incomplete – bone fragments are still partially joined • Linear – parallel to the bone’s long axis • Transverse – at a right angle to the bone’s long axis • Oblique – diagonal to a bone’s long axis • Compression – usually occurs in the vertebrae

• Spiral – at least one part of the bone has been twisted • Comminuted – causing many fragments • Compacted – caused when bone fragments are driven into each other • Open – the bone reaches the skin • Bug – the bone is in place, but the fracture has the appearance of a crushed insect. A dislocation is where a bone has been displaced from its normal position at a joint. Some joints (shoulder, finger) are more likely than others to dislocate under a sudden, severe force. As a general rule, a dislocation injury should be managed as a fracture. A sprain is an injury which occurs to ligaments caused by a sudden overstretching. The ligament is usually only stretched, but if it is completely torn, a longer period of immobilisation and surgical repair may be necessary. Although some signs and symptoms can be used to assess the severity of a sprain, the most definitive method is with the use of Magnetic Resonance Imaging (MRI). Sprains are graded in four degrees: • 1st – only a minor tear or stretch of a ligament • 2nd – a tear of a ligament, which is usually followed by pain or swelling • 3rd – a complete rupture • 4th – actually breaks the ligament, along with some small bones if severe enough.

A strain is an injury to a muscle in which the fibres tear as a result of overstretching. Strains are also colloquially known as pulled muscles. Typical symptoms of a strain include localised pain, stiffness, inflammation and bruising around the strain. Whiplash is a specific type of strain and sprain injury to the neck and upper back. The seriousness of a whiplash injury can never be underestimated, no matter how insignificant it seems to be. Cold compression therapy will stop the pain and swelling while the injury starts to heal itself. Controlling the inflammation is critical to the healing process and icing further restricts fluid leaking into the injured area as well as controlling pain. Cold compression therapy wraps are a useful way to combine icing and compression to stop swelling and pain. Penetrating trauma is an injury that occurs primarily by an object piercing the skin or entering a tissue of the body. The severity of the injury is determined largely by the velocity of the object that enters the body. High-velocity objects are usually projectiles such as bullets from high-powered rifles. Bullets from handguns and shotguns are classed as medium-velocity projectiles. Low-velocity items, such as knives, are usually propelled by a person’s hand and usually do damage only to the area that is directly contacted by the object. In addition to causing damage to the tissues

they contact, medium- and high-velocity projectiles cause a cavitation injury: as the object enters the body, it creates a pressure wave which forces tissue out of the way, creating a cavity that can be much larger than the object itself. The tissues soon move back into place, eliminating the cavity, but the cavitation frequently does considerable damage first. Cavitation can be especially damaging when it affects delicate tissues such as the brain, as occurs in penetrating head trauma. Officers who learn force response options should also have a comprehensive understanding of the consequences of using these strategies in an operational environment. The provision of aftercare to a subject is an important aspect with regard to showing the officer was acting in a professional capacity and not out of malice. Officers should learn to view first aid in relation to their actions, and in turn assist in justifying their operational choices.

Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au

Common Trauma and Use Of Force Causes Trauma

Cause

Treatment

Bruise

strike, control hold, grapple, takedown, handcuff, baton

RICE

Abrasion

takedown, grapple, restraint and detain

Pressure bandage

Bleeding

strike, takedown, handcuff, baton

PIM, rest

Fracture

strike, control hold, baton

Immobilise, treat bleeding and shock

Sprain

control hold, handcuff, grapple

RICE

Strain

control hold, handcuff, grapple

RICE

Penetrating

edged or ballistic weapon

PIM, treat shock

RICE – rest, ice, compression, elevation; PIM – pressure immobilisation

SECURITY SOLUTIONS 051

CCTV

052 SECURITY SOLUTIONS

Best Of Both Worlds

SECURITY SOLUTIONS 053

CCTV

By Jason Ting

Over the last 20 years, security surveillance systems, often referred to as CCTV or Closed Circuit Surveillance Systems, have experienced a significant rise in popularity, not just across the commercial and government sectors, but also within the retail and residential markets. This growth has been driven by an increasing need for tools that can not only deter breakins, but also capture evidence of crimes, potential insurance claims or frauds, reduce exposure to public liability and help manage and protect staff, as well as a wide variety of other uses. It is this continual expansion into increasingly diversified markets, combined with an ever broadening range of application requirements, that has seen the CCTV technology evolve significantly from the initial black and white, 300 TV line, VHS recordings to become the full colour, high definition (HD) digital systems featuring megapixel resolutions that are seen today. Despite the fact that CCTV was born largely from the need to identify and record potential threats such as theft, potential terror attacks or anti-social behaviour such as assault, early CCTV systems were extremely limited in their capability to capture the kind of detailed information which could facilitate the identification of an offender. This need for identification of everything, from people to objects to number plates and beyond, has given rise to a steady stream of advances in image resolution over the last two decades. The most dramatic of these advances has come by way of the shift from analogue to digital recording. With digital CCTV came the development of megapixel resolutions that allow users to capture more information than ever before. However, until recently, in order to take advantage of higher resolution digital cameras and recorders, users were forced to replace existing coaxial cable infrastructure with newer, Ethernet cables capable of carrying great amounts of data at faster speeds over distance. In many cases, this single factor, more than any other, made the transition from analogue to digital

054 SECURITY SOLUTIONS

It is this continual expansion into increasingly diversified markets, combined with an ever broadening range of application requirements, that has seen the CCTV technology evolve significantly.

all but impossible for many users. Replacing equipment such as cameras and recorders may have been achievable, but the time and expense associated with replacing existing coaxial cabling meant that either the total project cost became untenable or other restrictions, such as space constraints within building cavities, heritage overlays, accessibility or construction obstacles and the like, made the infrastructure upgrades impossible. In order to overcome the problem of recabling, engineers set about creating ways to facilitate hybrid solutions that would enable the use of high-resolution digital equipment over analogue cable. Early attempts gave

rise to a host of media convertors designed to facilitate the transmission of Internet Protocol (IP) data over coaxial cable. However, in many instances, the cost of said convertors equalled or even exceeded the cost of laying new cables. Today, there exist three main standards designed to enable users to upgrade to HD CCTV without having to replace existing coaxial cables. The question is, which one offers the greatest all-round value proposition? In order to answer that question, it is important to understand a little about each of the technologies on offer. The first is the recently developed

SECURITY SOLUTIONS 055

CCTV

High Definition Transport Video Interface technology (HD-TVI), which is based upon an open standard chipset designed to accommodate a variety of CCTV camera manufacturers. The technology supports 720p/1080p resolutions while also providing other benefits, such as an impressive, long distance transmission capability of up to around 300 metres without loss of quality or delay in images. Furthermore, it also enables the simultaneous transmission of video, audio and bi-directional data signals over the one cable. In addition, using BNC connection for video termination, HD-TVI provides installers with a simple plug-andplay solution for the upgrade of existing analogue CCTV infrastructure. A second option can be found in High Definition Serial Digital Interface (HDSDI), which was originally developed for broadcasting video in the television industry. It just so happens that this standard also enables users to bridge the analogueâ&#x20AC;&#x201C; digital divide without having to replace existing analogue cable infrastructure. However, in most instances, the cost of an HD-SDI system is significantly higher than an equivalent HD-TVI system, while HD-TVI can provide added functionality such as bi-directional communications up to three times the transmission distance of HDSDI when using coaxial cable. Another recent technology which enables users to create systems using both analogue and digital CCTV equipment (option three) is Analog High Definition (AHD). Nextchip, the creators of AHD, state that it is backward compatible with conventional analogue video surveillance systems. Like HD-TVI, AHD CCTV is a great product designed to enable users to capture 1080p over coaxial cable at a great price. A fourth option is High Definition Composite Video Interface (HD-CVI). Just like HD-TVI technology, HD-CVI provides real-time HD video at 1080p resolution over coaxial without image delays. HD-CVI used to be a proprietary technology and was only

056 SECURITY SOLUTIONS

In evaluating any CCTV solution, the cost of ownership, not just the cost of acquisition, must also be evaluated.

recently released as a global open standard by its creator. This simply means it might take a while for other manufacturers of HDCVI products to meet compliance with the standards. However, with the exception of the longer transmission distances of HDTVI, both HD-CVI and HD-TVI seem to offer very similar features and benefits. That said, HD-TVI has been an open standard since its inception, meaning that it is currently compatible with a wide range of cameras. In evaluating any CCTV solution, the cost of ownership, not just the cost of acquisition, must also be evaluated. Purchase price in a highly commoditised market like CCTV is a key factor in the race to the bottom. Yet it is a race that no one wins. Durability, flexibility, reliability and ease of installation are all important factors which effect both the short-term and long-term cost of ownership. A CCTV

system which provides a slew of world-class features, but makes facilitating a simple backup from the system a virtual nightmare, provides no real benefit. Similarly, IP CCTV provides many useful features, but unless those features are being used, one simply ends up paying for features that will be a waste. For the domestic and small business market, simplicity is always preferable over complexity. Nowadays, most people aim more for products that will ease their life, such as a simple-to-use app on their smartphone that monitors their valuables when they are away from home or business. Making the leap into the world of digital CCTV no longer needs to be the time-intense, expensive and laborious challenge it once was. In fact, with so many good options now available, it is hard to understand why anyone considering the move would hold back.

Jason Ting has eight years experience designing and selling CCTV Systems. For further information, he can be contacted on 03 9808 6244 or by email: jasont@nidac.com.

For the domestic and small business market, simplicity is always preferable over complexity.

SECURITY SOLUTIONS 057

BUSINESS

Human Resource Information Systems in the Australian Security Industry

058 SECURITY SOLUTIONS

By Greg Byrne

Targets

Initiatives i i

Measures

i i

Objectives

i i

i i i

i i

i i Initiatives i i i i

Targets i i i i

Measures i

i i

To achieve our vision, how will we sustain our ability to change and improve?

LEARNING AND GROWTH

Objectives

VISION AND STRATEGY

INTERNAL BUSINESS PROCESS To satisfy our shareholders and customers, what business processes must we excel at?

Targets

Initiatives i

Measures

i i i

Objectives i

i i i i

i i i

To succeed financially, how should we appear to our shareholders?

i i

The author surveyed a number of security businesses in Australia and found that most were using established administrative tools such as MYOB or Zero to manage wages, superannuation, tax and so on. Most were also using some type of software such as Deputy to manage rostering, days off and other basic staff absenteeism or movements. Most companies were also running programs such as those from SAP, which enabled reporting on basic HR analytics such as staff educational standards, staff movements and expressions of interest for promotion or lateral movements. These programs are basic or minimum requirements for managing staff and have been around for many years. Measuring productivity of employees in the security industry in Australia is not widespread, with only some of the larger companies running productivity suites. Productivity measuring tools can measure, for example, the number of employees at work at any one time, how many are absent or outside the office, and even those who appear to be slacking off. The information collected enables even small businesses with less than 25 employees to improve competitiveness and strategic planning, scout talent and measure performance. There are many software tools on the market that can assist with this, including DeskTime, Kronos, RescueTime, Toggl and Oracle. Larger businesses in Australia are using some type of employee productivity tool and

FINANCIAL

Targets

Initiatives i

Measures

i i i

i i

Objectives

Value of HRIS Emergence of the digital age saw the development and increased reporting capacity of HRIS. CedarCrestone (as it was known prior to its merger with Sierra Systems US inc. in 2014) classified HRIS reporting as: 1. Administrative, or the traditional sick leave, annual leave and wages. 2. Productivity, measuring team performance, goal attainment, rewards, performance management and metrics for continuous improvement. CUSTOMER 3. Strategic, through the use of the To achieve our balanced scorecard (see below). vision, how 4. Business intelligence applications, such should we appear to our as those provided by Oracle’s customer? analytics tool.

their take-up in the security industry is strongly encouraged. As mentioned at point three, a suitable framework to guide and measure the strategic performance of an organisation is the balanced scorecard. It was developed by Dr Robert Kaplan and Dr David Norton as a performance measurement framework to add strategic, non-financial performance measures to traditional financial metrics to give managers and executives a more ‘balanced’ view of organisational performance. The key areas of measurement are: • financial performance in terms of cost reductions and business growth • customer relations, retention and growth • internal business performance and management • learning and development measured through skills audits, innovation and learning.

This is the third article in a series of four on HR resilience in the security industry in Australia. It outlines the reporting mechanisms that are available to businesses and the benefits that can be derived from them. It also explores how a business can ensure those systems are robust and resilient to adverse internal and external manipulation. The use of information generated by human resources (HR) departments should have changed over the past three decades. Traditionally, HR produced metrics that were focused on delivering tactical reports such as staff levels, turnover and absenteeism, leave liabilities and staff costing models. However, these reports did not provide broad information on the value of people to the organisation. Numerous authors over the past 20 years have espoused the virtues of sound and robust human resource information systems (HRIS) as a method to gain full understanding of the capacity of employees to value-add, and then how to measure that value-add.

Figure 1. The balanced scorecard

The scorecard enables HR analytics to align with business strategy to validate its contribution to organisational success. This enables business at the micro level to identify key areas to focus on for improvement. Business intelligence (BI) applications allow organisations to find useful, actionable information from a variety of data sources, including multiple platforms, and present them in the form of dashboards, scorecards, workflow, analytics, enterprise and financial reporting. The digital age has seen an explosion of the types of information collected and the methods in which they are analysed, collated and disseminated, making BI one of the top 10 technologies during the 2010s

SECURITY SOLUTIONS 059

BUSINESS thus far. The benefits to the security industry in developing BI capabilities include: • leveraged information as a competitive advantage • better understanding of the demand side of the business and management of customer relationships • collection, collation and dissemination of big data • monitoring of the results of change. Improved BI in the security industry will result in: • improved visibility of the business • improved customer retention and acquisition • cost reduction • improved supply chain management. These improvements will increase an organisation’s competitive edge and improve its financial performance. How to Make a HRIS more Resilient Protecting the valuable warehouses of information and intellectual property derived from the detailed analysis of information gained by reporting mechanisms is critical. Broadly speaking, threats to information come from two sources – internal or external. External threat is in the form of cyber attacks, which present in malware, viruses and actual attempts to gain access through firewalls and other security installations. Internal threat is generally from the actions of employees who, through ignorance or incompetence, allow access to external threats, or who, through wilful act, tamper or destroy information and information systems. External threats Over the past two decades, Australian authorities have responded to cybercrime through legislation and the creation of government agencies. The Australian Federal Police report that illegal cyber activity such as hacking, fraud, scams and harassment falls under two broad categories: • crimes committed directly against computers and computer systems • the use of technology to commit or facilitate the commission of traditional crimes. All state and federal governments have created suites of legislation to deal with cybercrime, creating offences such as illegal access, destroying or modifying data housed in computers and using data to commit serious crime. Governments have also committed to the Australian Cybercrime Online Reporting Network (ACORN), which was established to provide for the secure reporting of cybercrime. It also provides advice to help people

060 SECURITY SOLUTIONS

recognise and avoid common types of cybercrime. To help avoid needing the services of a state or federal agency, including ACORN, it is advised that all security companies take the following actions: • Keep operating systems, internet browsers and business applications up-to-date and ensure the latest security patches are installed. • Purchase reputable antivirus, firewall and malware tools and keep them up-to-date. The Australian Business Assessment of Computer User Security (ABACUS) survey revealed that 84 percent of Australian businesses used antivirus software, 63 percent used anti-spam, 58 percent used antispyware and 33 percent used anti-phishing tools (Richards, 2009). Be aware of scareware that purport to be malware and claim there is a problem with a computer that requires rectifying for a cost. • Ensure staff and the business are fraud resilient and that online orders are genuine, and seek out professional advice if there is doubt. Stay Smart Online (2010) provides advice about what to look out for in suspect orders, how to check if an order is likely to be fraudulent and steps that a business can take to prevent against fraud. • Use secure websites with digital certificates to offer protection for customers when they enter personal information and payment details. Internal threat The threats from within the business pose the greatest risk and are hardest to manage. The saying, “You can only do what you can only do” is true to a point when managing this situation, but with careful planning and strong policy around staff access to computer systems and online warehouses of information, a business can be safeguarded quite well. Critical to this is having competent staff who are able to advise the CEO or owner/manager how best to do this, which is where the chief human resources officer (CHRO) – or equivalent in smaller businesses – comes in. First and foremost are robust staff policies and staff awareness and training. Stay Smart Online (2010) provides guidelines for IT acceptable use policies that outline how a business’s computer resources should be used. Included in the guidelines are expectations in relation to personal use, handling of sensitive information, and the management and reporting of malware, viruses and not opening suspicious documents and emails. According to AusCERT (2009), user access management policies outline access rights for staff, restrict administrative privileges and prevent the installation of malware, minimising the extent of damage done if users’ accounts are compromised.

These software suites will also limit what files staff have access to. There should also be a policy that ensures a staff member leaving the organisation has computer access discontinued. Creation of account/password management policies is strongly recommended. Richards (2009) also states that staff awareness programs should include information on computer security issues. It is also critically important that the physical security of computer systems is maintained. Servers should be kept in secure rooms and staff computers should not be easily accessible by others. There should also be policy on the management and accountability of portable radios and handhelds and, where possible, that they can be remotely disabled and/or tracked. Another suggested strategy is to monitor employee productivity, changes in behaviour and personal circumstances. It was recently reported that between 60 and 80 percent of employees spend time ‘cyberloafing’, despite company policies that forbid it. Research reveals that lost productivity and exposure to legal risk is dramatically increased due to this activity. Also be alert to personal issues such as gambling, drinking, financial or marital problems and triggers such as redundancies, poor performance review, demotion or corporate restructures. Ideally, the company’s strong cybersecurity culture will mean that co-workers and managers of potential hacker employees notice and report the change in behaviour. As a word of caution, businesses must ensure that they do not breach any privacy or criminal laws when monitoring employee online behaviour. Further, make sure that the HR person, people or CHRO are safeguarding the IT systems and supporting their ongoing resilience.

Greg Byrne has 33 years of policing and law enforcement experience. He is currently employed at Charles Sturt University (CSU) lecturing the Associate Diploma in Policing Practice at the NSW Police Force Academy and is also employed by the Australian Police Journal as a sub-editor and a member of the board of directors. He possesses a number of academic qualifications, including Master of Management, Diploma of HR, Grad Cert in Leadership, Diploma in Security Risk Management, and is currently enrolled in the Graduate Certificate of Learning and Teaching at CSU and the Masters of Research at the University of Western Sydney. He possesses a NSW Security License – class 2ABCD. Greg can be contacted via email: greg@multisec.com.au

Delivering Proven Solutions for Security & Safety We Protect People & Assets SECURITY SOLUTIONS 061 www.magneticautomation.com.au

COVER STORY

062 SECURITY SOLUTIONS

f o n o i t u l o v E e h t Y T I R U SEC

SECURITY SOLUTIONS 063

COVER STORY

By John Bigelow

It is often said that one should never discuss politics or religion in polite company. That said, in reviewing the evolution of security over the last two decades, both within Australia and from a global perspective, it is virtually impossible to avoid either topic given that both have had such a monumental impact on the local and global security landscape. When Security Solutions, or Security Oz as it was originally known, was first launched back in June of 1999, few could have predicted the monumental changes that would take place within just the next few years. We certainly had no idea that we would be witness to and reporting on what would arguably become the greatest period of change in private security the world has ever seen. The rise of radical Islam and the spread of terrorism into the Western world, combined with the resultant attacks on the World Trade Centre, the response of the Bush Administration in the US at the time and the subsequent deployment of multinational forces to both Afghanistan and Iraq in the early part of the 21st century, resulted in broad, fundamental and lasting changes to the global security landscape. As the 20th century drew to a close and Australia prepared to host the 2000 Olympics, a team of Australian security professionals led by Neil Fergus were working around the clock to ensure that the Sydney Olympics would be one of the safest on record. And, in doing so, that same team brought about some fundamental changes to the way we approach security. Prior to his life as CEO of Intelligent Risks, Neil spent much of his early professional life working for the Australian Government before taking on the role of Executive Director: Security, Risk and Intelligence for the Sydney 2000 Olympic and Paralympic Games. “The 2000 Olympics dramatically changed the way we view and engage in security in Australia at a state, commonwealth and private level on a number of fronts,” states Neil. “For starters, it changed how defence force aid is rendered to the civil powers in Australia. As part of the lead up to the 2000 Games, Australian police and military, along

064 SECURITY SOLUTIONS

The rise of radical Islam and the spread of terrorism into the Western world... resulted in broad, fundamental and lasting changes to and provided greater granularity and certainty in terms of ratings and recommendations.” the global security It is Neil’s view that this new framework and landscape. approach to risk management, as part of the

with the Government, engaged in extensive counterterrorism training and a range of practical and desktop exercises that, for the first time in Australia, not only involved various ministers but also the Prime Minister, resulting in dramatic and significant improvements in Australia’s counterterrorism response and planning arrangements.” The period leading up to the Games also saw the first ever deployment of the Australia Special Air Services Regiment (SASR) to the eastern states where Tactical Assault Group (TAG) East first stood on a temporary basis for the Olympics before being raised as a fixed command based in Sydney in 2002. Perhaps the most important change to arise from the 2000 Olympics, however, was the way not just Australia, but many countries around the world, viewed and employed risk management. “Prior to the 2000 Games, under the old standard, many agencies, government departments and security practitioners were engaging in protective security risk reviews,” states Neil. “However, it could be argued that these reviews were very crude and embryonic and were not fit for purpose for an event as complex as an Olympic Games.” “I had a team of people working with me on the Games that did a brilliant job developing a risk management framework based on the old standard, but which involved a lot more analysis

security planning for the 2000 Games, led to risk management becoming more widely used and adopted in the security industry both nationally and internationally. Neil also strongly believes that the security work being undertaken both in the lead up to and during the Games set a new benchmark for collaboration between federal and state agencies and law enforcement, as well as the private security sector. “This has been maintained and probably even improved if you look at the work being done at the Melbourne Commonwealth Games in 2006 as well as subsequent events like the Commonwealth Heads Of Government Meeting (CHOGM), Asia-Pacific Economic Cooperation (APEC) meetings and the like.”

INNOVATION KEEPS YOU ONE JUMP XS4MINI AHEAD NEW

Cutting-edge design. SALTO technology.

SALTO System’s XS4 mini demonstrates yet again how SALTO breaks new ground thanks to this innovative product’s mini size and mini installation needs. Good-looking product is also a SALTO trademark and with the XS4 mini we again raise the bar on this already high standard thanks to the XS4 mini’s small discreet size combined with a modern, clean LED aesthetic.

`Now Available´

Australian mortise locks and tubular latches compatibility. Ideal way to convert a basic mechanical door into an attractive, electronically controlled door. SVN data-on-card technology inside. Cuts maintenance costs.

Easy to install & use. With the XS4 mini, the only holes needed are the two alongside the handle set. Design. Small discreet size combined with a modern, clean LED aesthetic. RFID. NFC & smartcard technology enables you to integrate all your user’s physical security needs into a single credential. Powerful software to control who goes where and when, and while leaving behind an audit trail. Security + Reliable access control 24/7. Secure & control virtually every door.

The access control technology you can rely on. www.saltosystems.com SALTO SYSTEMS Australia: Level 1, 191 Botany Road, Waterloo NSW 2017, Australia - Tel: 1300 739 959 - Fax: +61 2 8580 5099 - info.sydney@saltosystems.com SALTO SYSTEMS WORLDWIDE: Australia, Belgium, Canada, China, Czech Republic, Denmark, France, Germany, Italy, Mexico, The Netherlands, Norway, Poland, Portugal, Singapore, Slovak Republic, South Africa, Spain, Switzerland, UAE, UK, USA.

SECURITY SOLUTIONS 065

COVER STORY

Neil goes on to explain, “The Sydney 2000 Olympics was, to the best of my knowledge, the first time in Australia that a city, and hence the state, did not have the available manpower resources to properly secure the event. This led the state and commonwealth governments to engage in a level of consultation and engagement with the private security sector on a scale that we had not previously seen in Australia. That level of engagement helped build and establish a working relationship between government and private security that had not previously existed to the same degree. In fact, you can see this reflected in the preparation for the upcoming Commonwealth Games on the Gold Coast in 2018 in the way that the local and state governments are proactively engaging with the private security sector, and the level of comfort and understanding that exists between the different parties.” So, while Australia managed to not only put on one of the safest ever Games and develop new and improved ways for securing major events in the process, what would happen just over a year later would once again irrevocably alter the security landscape. S AND GOVERNMENT OURCE FOR BUSINES DING SECURIT Y RES AUSTRAL ASIA’S LE A

Preventing Terrorist Attacks

$8.95 inc GST $9.95 NZ

CAN IT BE DONE?

#43

SEPT/OCT 2006

10 Things You Need To Know About Network Cameras Who Is Listening To Your Mobile Telephone Calls?

066 SECURITY SOLUTIONS

Perhaps the most important change to arise from the 2000 Olympics, however, was the way not just Australia, but many countries around the world, viewed and employed risk management.

In the late hours of 11th September, 2001, as many Australians sat glued to their late night weekly dose of The West Wing, news erupted across our televisions of first one and then a second plane that had slammed into the World Trade Centre towers in New York, a tragedy that would set in motion a series of events which would change the nature of security on a global scale well into the foreseeable future and beyond. For anyone in security, 9/11 is seen as a turning point. One of those rare, defining moments to which we can trace back and pinpoint the exact moment that the paradigm in which we operated was permanently shattered. For many, both in and out of the security industry, it was the moment that terrorism became real and not just something that happened on the news to people in other, far-flung countries. America was seen as untouchable, impregnable – the very epicentre of the Western world. If it could happen there, it could and just might happen here.

The revelation to the wider Western world that Al Qaeda and its many affiliate groups were actively seeking to bring harm to countries like the US and Australia seemed almost too far outside our frame of reference to fully grasp. That is, until the following year when, one year, one month and one day after the attacks of 9/11, on the second anniversary of the bombing of the USS Cole, a little-known Al Qaeda affiliate, Jemaah Islamiah, orchestrated and carried out the detonation of a massive car bomb in Bali which killed 202 people (of which 88 were Australian) and injured over 300 more. Not only was this the first time Australia had felt the real weight of a terrorist attack actually reach out and touch Australian lives on a major scale, it also burst the belief held by many Australians that 9/11 was an isolated incident which could be viewed as an anomaly in the grand scheme of global and local security. Unfortunately, the next decade would provide constant reminders that security had become a serious issue for every country – from the London bombings of July 2007 to the Mumbai attacks in 2008 and the Paris attacks in November of 2015, with all manner of

BIG

on reliability on storage on security on ideas on performance

terabytes

NAS - 24x7, 180WLR, RV Sensors, 5 Year Warranty, +Rescue Option, 8 Drives per Bay

A landmark 10 years - A landmark 8TB drive Enterprise NAS - 24x7, 300WLR, RV Sensors, 5 Year Warranty, +Rescue Option, 16 drives per bay

With a decade of innovation & development, Seagateâ&#x20AC;&#x2122;s new 8TB drive makes for a truly reliable surveillance partner. SURVEILLANCE - 24x7, Up to 64 Cameras, RV Sensors, 3 Year Warranty, +Rescue Option,

seagate.com

Archive - 24x7, 180WLR, RV Sensors, 3 Year Warranty, SMR Technology

Desktop - 7200RPM speed, 256MB Cache, 3 Year Warranty

SECURITY SOLUTIONS 067

COVER STORY

attacks and incidents in between, not the least of which was the Lindt Café siege in Martin Place, Sydney, in late 2014. While terrorism has dominated a great deal of the security debate since the beginning of the new millennium, it has not been the only catalyst for change. When issue number one of the magazine hit the streets in 1999, few clients even had email and fewer still actually had websites. Those websites that did exist were virtually useless as 28k modems running over extremely slow connections would sometimes take 20 minutes or more to load even the most basic company page. Now, less than two decades later, the Internet of Things (IoT) has become the next major area of focus for many security commentators and companies, with predictions that over the next few years virtually everything and everyone will be connected 24/7/365. Furthermore, cybersecurity has become one of the fastest growing markets on the planet, with demand for qualified experts growing almost as fast as the number of new cyber threats emerging on a daily basis. Connected homes and connected buildings are rapidly morphing into smart cities as the push for greater information sharing, data mining and smarter systems grows at an exponential rate. The innovations which have so dramatically changed the security landscape since the 20th century can, once again, be traced back to a particular period and even a particular company which helped to kick start the evolution. In 1984, around the same time that Apple launched its revolutionary Mac SE, Martin Gren and Keith Bloodworth launched a small company in the cosy university town of Lund in Sweden. What began as a small business developing and selling protocol converters and printer interfaces for connecting printers to IBM mainframe computers would eventually become an international powerhouse in the security industry. Following their successful growth into the printer server market in the early 1990s, thanks largely to the decision to shift the company’s efforts away from IBM mainframes

068 SECURITY SOLUTIONS

For anyone in security, 9/11 is seen as a turning point... it was the moment that terrorism became real and not just something that happened on the news to people in other, far-flung countries.

to focus more on Transmission Control Protocol/Internet Protocol (TCP/IP), Axis began to explore new markets, developing the world’s first network camera in 1996. However, it was not until 1999 that the company began producing network cameras in volume with the launch of the AXIS2100. According to Vlado Damjinovski, widely recognised as one of the world’s leading experts in CCTV and electronic security, it was around this time that the electronic security industry began its inexorable march towards digital innovation with the emergence of the first digital video systems. However, it was not until around 2005, with the emergence of high definition cameras and recorders, that digital CCTV began to have a serious impact on traditional analogue systems. “People began to realise the benefits of digital CCTV when they saw what could be achieved through the use of mega pixel cameras and recorders,” states Vlado. “The vastly improved resolution of these cameras enabled users to more clearly identify people, assets, objects and all manner of other things. When combined with other emerging technologies such as facial recognition, the ability to quickly search digital

archives, make back ups and copies of data for law enforcement and so on, the benefits of digital became obvious.” With the switch to digital video and the introduction of analytics and IP networking came significant changes in intrusion detection and access control technologies, leading to greater requirements for integrated systems. “I think this was another major turning point in security,” states Vlado. “All of these different cameras and systems having to work together gave rise to a need for standardised protocols, resulting in the formation of groups like ONVIF.” Formed in 2008 by Axis Communications, Bosch Security Systems and Sony, Open Network Video Interface Forum (ONVIF) is a global not-for-profit organisation dedicated to the development and use of a global open standard for the interface of physical IP-based security products. “This was a major and necessary step forward in the evolution of technical security,” states Vlado. “Of course, there have been and continues to be other groups working towards open standards, but the important transition was the recognition of the fact that the industry needed such standards and the fact that major

AUSTRAL ASIA’S LE ADING SECURIT Y RESOURCE FOR BUSINESS AND GOVERNMENT

L ASIA’ AUSTRA

ISSU E 86

OCT /NOV

rity 2013 - Secu

In Smart Citie

www.se

curitys

olution

smagaz

ine.com

AUSTRALA

AUSTRAL ASIA’S LE ADING SECURIT Y RESOURCE FOR BUSINESS AND GOVERNMENT SECURIT Y SOLUTIONS MAGA ZIN E

SECURIT Y SOLUTIONS MAGA ZINE

$8.95 inc GST $9.95 NZ

ISSUE 87 DEC/JAN 2014 - The Race

WHY

To The Bottom

ISSUE 40 2006 - WHY TERRORISM AFFECTS EVERY BUSINESS

TERRORISM AFFECTS EVERY BUSINESS IN THE AUSTRALIAN & ASIAN REGIONS

#40 MAR/APR 2006

Increase Security Without Increasing Costs

zine.com

PUBLIC WIRELESS CCTV

w w w.securitysolutionsmaga

ww w.securitysolutionsmagazine.com

manufacturers were prepared to come to the table and work together.” Today, increasingly intelligent systems drive demand for newer and more innovative ways to mine and use the trove of data being collected on a daily basis. Security in major corporations has evolved beyond a simple night watchman and an ex-police officer come security manager charged with ensuring the safety of company premises and product. Today’s corporate security departments are staffed by universityeducated professionals. This new breed of security professional understands and speaks the language of finance, embraces the role that security plays in delivering an improved bottom line for an organisation, and recognises the delicate balance that must be struck between providing a more secure environment in an increasingly unstable world while working with other departments to ensure that corporate goals are met. Most importantly, the modern security manager knows that brand and reputation must be protected as diligently as any other company asset. This is just one more example of how the industry has changed over the last 15 years. Organisations such as Australian Security Industry Association Limited (ASIAL), Security Professionals Australia (SPA) and a variety of state-based associations and initiatives such as the Australian Security Medals Foundation

ways for the better and in others for the worse. Either f ole O way, this is the The R y In it r u c Se s new normal and the t Citie e Smar Futur e h T sooner governments Of and corporations come to accept it, the sooner we can begin to focus on how to effectively prepare for the next 15 years. If nothing else, it has been an interesting journey and we would like to thank all those dedicated readers, supporters and advertisers who have taken the journey with us. Words cannot express the gratitude we feel, as organisations such as Security Solutions cannot exist without the support of the industry we serve. We look forward to continuing to serve for many more years to come. NE

ISSN 1833-0215

BUSIN CE FOR

AZI NS MAG

#73

AUG/SEP 2011 $8.95 inc GST / $9.95 NZ

UR T Y RESO

IO Y SOLUT

Ten Years Later: What Have We Really Learned?

SECURI

SECURIT

(ASMF) have all led the charge to see Australia fall in line with the rest of the world (and in some cases lead the world) in the quest to transform security into a recognised profession. Likewise, at the operational level, changes to legislation at a state level across all jurisdictions of Australia, beginning with the introduction of licensing for crowd control and security personnel in the early 1990s, have given rise to another of the many major reforms which have occurred in the industry since the beginning of the 21st century. Given the rapid pace of technological change, it has become increasingly difficult to predict with any degree of certainty where the next 15 years might lead. What has become evident, however, is that the premillennial era, in which people could take nail clippers on aircraft, security managers had to be men and only needed a background in the police or military, and the only threat to your computer was the idiot sitting at the keyboard, is little more than a memory. The idea that we might some day put down groups like ISIS and Al Qaeda and return to a state of pre-9/11 bliss is both naive and foolish. Governments, corporations and Joe Citizen all need to accept that the world has forever changed; in some

Lessons From 9/11

NG S LEADI

SIA’S LE AD ING SECUR ITY

RESOURCE

FOR BUSIN ESS

AND GOVE RNMEN

AUSTRAL ASIA’S LE ADING SECU RIT Y RESOURCE FOR BUSINES S AND GOVERNMENT

Recoverin From Disag st e r s What Ro

le Should Security Leaders P lay?

#72

JUNE/JULY 2011 $8.95 inc GST / $9.95 NZ ISSN 1833

-0215

In y ri t n t cu e S e rn m e ve id 20 G o G u I D E S IN 11

The Race To The Bottom

Why Everyone Looses

#87 DEC/JAN 2014 $8.95 inc GST / $9.95 NZ

SECURITY SOLUTIONS 069

LEGAL

Q&A Anna Richards

Dealing With Corporate Oppression Ask a group of people what they think corporate oppression might be and there will be a variety of answers, ranging from companies using slave labour and ‘sweat shops’ in third world countries to make greater profits, through to large corporations putting the squeeze on smaller businesses in order to drive out the competition. However, in the context of this article, corporate oppression is basically conduct by one or more members or officers of a company which is ‘oppressive’ to another member or members. When this occurs, a member or members of the company may need to seek relief from the court. If the issues in dispute cannot be resolved, the court can even order that there be some form of what is being dubbed a ‘corporate divorce’. Why is this relevant to the security industry? Because there are a significant number of businesses, from patrol and guarding companies through to systems integrators and more, that are partnerships between two or more people. In these partnerships, it can often be the case that one or more of the partners in a business might decide to force one of the other partners out of the business for whatever reason, be it a breakdown in the relationship, a difference of opinion over the direction the business should take, or something as simple as a change in life circumstances. Some Common Examples of Corporate Oppression Following are some common examples of conduct that has been found by courts to amount to corporate oppression. Improper diversion of business The first example is the improper diversion of business. Imagine A and B are the sole shareholders of Company 1, an alarm installation business. A and B have been arguing about some management problems

070 SECURITY SOLUTIONS

and are attempting to agree on one of them buying the other’s shares in the business so that only one of them will continue to operate the business. Imagine that, before they have resolved this issue, B starts installing alarm systems on weekends (outside the usual operating hours of Company 1) through another business, referred to as Company 2. In such a situation, B is engaging in oppressive conduct in that he is diverting income which he should properly be channeling through Company 1 instead of through Company 2. In such a situation, A would probably succeed in obtaining orders from the supreme court requiring that the income of Company 2 be accounted for and paid to Company 1 and that B be restrained from continuing to compete with Company 1. Oppressive conduct in boardrooms It is easy to imagine that oppressive conduct might occur in the heated environment of a board meeting of directors of a company. Imagine a patriarch of a family who previously owned the business having sold it but remained on the board of directors. Imagine that director wishing to continue wielding the same power and dominance that he did when he alone owned the business many years ago. It is not difficult to imagine that such an attitude may grate against other board members and the shareholders of the business, particularly if that patriarch was attempting to make decisions without consultation with other members or by attempting to railroad them into agreeing with him. In such a situation, one or more of the directors or the shareholders might choose to seek relief from the court. That relief may be in the form of reversing decisions of the board made under duress and also for the removal of the offending person as a director of the company.

Payment of excessive remuneration Another example of oppressive conduct is the payment of excessive remuneration. For example, imagine Company 1 had four shareholders – A and B who are married, and C and D who are simply individual shareholders. Imagine that Mrs B works only nominal hours in the business, while shareholders A, C and D all work full-time in the business. Now, suppose that all of the shareholders are paid remuneration of $100,000 per annum, despite the fact that three of them work full-time while Mrs B only works nominal hours. One could easily envisage that shareholder A, who is Mrs B’s husband, may have no issue with his wife being paid the same amount as the other shareholders, because he would indirectly also benefit from her inflated income. However, it is likely that shareholders C and D would take issue with it and potentially see it as excessive. C and D would potentially be able to argue that if Company 1 employed an employee at arm’s length (who was unrelated to any other shareholder) to carry out the work duties of B, that Company 1 would pay such an employee a significantly lesser amount of remuneration than was currently being paid to B. In such a situation, any one of the shareholders would be able to apply to the supreme court for relief. That relief would likely be in the form of an order reducing and capping the remuneration of B while she continues to work less than full-time hours. Excessive reduction in the payment of dividends In some cases, decisions by a company to reduce or even cease paying a dividend (payment from profit) to shareholders is treated as being done to effectively suffocate the cash flow of minority shareholders. Imagine that Company 1 has 1000 shareholders and that shareholders 900 to 910 (that is, 10

LEGAL

Q&A

shareholders) frequently oppose decisions that the board of directors wish to make in relation to the conduct of its affairs. It could be possible for the board of directors to make a decision to reduce the dividends and hence the income payable to shareholders 900 to 910, for instance, to effectively halve their incomes. Such a reduction could adversely affect each of them. It could also make them more vulnerable to influence. In such a case, shareholders 900 to 910 would be able to ask the supreme court to intervene and to make an order that their dividends be restored to their previous level or to a level which is fair and reasonable. Minority shareholding being unfairly diluted Another example of conduct which courts have found to be oppressive is where a minority shareholding is unfairly diluted or where such a shareholder is forced to sell his shares to another shareholder. In such a situation, the affected shareholders would be able to seek relief from the court. Denial of access to information Probably one of the most common examples of oppressive conduct is where a person or persons refuse to provide the other shareholders with access to books of accounts and records of the company. For example, imagine that Company 1 has three shareholders, A, B and C, and that A and B are married. Further, imagine that A and B lent $100,000 between them ($50,000 each) to Company 1 in order for it to acquire plant and equipment necessary for it to operate its business and create an income. Assume that Mr A has no involvement in the day-to-day running of Company 1 and that Mrs B and C run the day-to-day operations of Company 1. Assume that Mr A & Mrs B hold and control the books of account of Company 1 and took

on the role of controlling its finances. Further, that A and B do not involve C in any decisions regarding the finances of Company 1. Imagine that C becomes disturbed about the low level of his remuneration and has no idea whether or not this is due, in part, to shareholders A and B paying the income of Company 1 towards payment of the loans they made to Company 1 or for some other reason. Imagine that C, out of the blue, asks A and B for access to the books of accounts of Company 1 so that he can work out a number of things, including: • how much each of the shareholders are being paid • whether A is being paid comparatively less than B and C because he is not involved in the day-to-day running of the business • whether interest is accruing and payable by Company 1 in relation to the $100,000 loan from Mr A and Mrs B and, if so, whether that rate is comparable to market rates (for instance, that offered by banks) • whether the income of Company 1 is being allocated, even in part, to repayment of the loan • the level of net income of the business and whether it is even profitable • the usual expenses of Company 1 • whether the income of Company 1 is only being used to pay properly incurred expenses of Company 1. If A and B refused to provide access to company financial records for whatever reason, then C would be entitled to seek an order from the supreme court to force them to provide said books. What is Involved in Applying to Court Usually, the most worrying part about having to commence court action is the enormous financial and emotional cost involved. However, the supreme court has recognised that most eligible cases involve small businesses with

few financial resources to fund such court action. In response to this situation, the courts have introduced a pilot program which enables such relief to be sought through a simplified procedure that aims to resolve the issues in dispute early in the court process and in a cost-effective way. It achieves this by restricting the length and complexity of court documents which set out the claims and also by requiring the parties to engage in a mediation process very shortly after commencing the court action. What Relief can the Court Grant? In summary, the court can provide relief via a number of different types of court orders, including: • ordering that the entire company be wound up • ordering the sale of shares of the company from one member or members to another or to the public • ordering a company to commence or cease certain court action • regulating the affairs of the company into the future • restraining a person from engaging in certain conduct. Anna Richards is the Legal Director and a lawyer from Victorian Legal Solutions Pty Ltd and practices in the areas of Commercial law including Commercial litigation and other areas. Anna Richards and Victorian Legal Solutions can be contacted on: (03) 9872 4381 or 0419 229 142. Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.

SECURITY SOLUTIONS 071

FEATURE ARTICLE

072 SECURITY SOLUTIONS

How Security Can Improve By Degrees

SECURITY SOLUTIONS 073

FEATURE ARTICLE

By Rod Cowan Over morning coffee with Professor Martin Gill in the Institute of Directors’ restaurant in London, I mentioned a blog post I had read that morning by a Bachelor of Security student on being asked why he needed a degree to be a security guard. “Complete waste of time,” said Gill. “Far better to study business.” A spirited debate ensued. That evening at dinner, a friend’s wife (who is a high-flying strategy consultant) was even more scornful: do business if you must, she maintained, but a politics, philosophy and economics degree gives a far better grounding. She was also adamant that security, like so many degrees today, is one of a number of “made up” degrees bringing higher education into disrepute. Between them, the professor, the business expert and the student sum up the malaise affecting higher education in security. A malaise expressed in one word back in Australia by Professor Nara Srinivasan, head of the Centre for Aviation and Security Studies (CASS), when asked where the industry is with higher education in security, “Nowhere”. Edith Cowan University (ECU), which partners Emirates Group Security in CASS programs, is no newcomer to security studies. In the late 80s, ECU Adjunct Professor Clifton Smith sent me a letter outlining a Bachelor of Security degree. It was later to become a Bachelor of Security Science but, at the time, as admirable as such ideals may have been, it struck me more as lunatic fringe than cutting edge. Since then, apart from International Relations courses re-badged as Security Studies after 9/11 (and a bubble in Masters’ programs after the 2007 global financial crisis), the only areas receiving serious attention are those in the press, such as radicalisation, attracting the attention of dollar scholars sniffing out potential funding. “It is a bit like security where you prepare for the [most recent] event,” says Srinivasan. “Education seems to roll the same way. An event happens, we put up a new program for that event, and then we forget about it. Then something else happens.” Srinivasan says the situation is unlikely to change until industry seriously pursues professionalisation and engages with academia. “If you look at what has happened

074 SECURITY SOLUTIONS

in other industries – and I always give the examples of accounting and nursing – until a university got involved the industry did not get fully professionalised in some way or form,” says Srinivasan. “The industry is responding, but it is taking a lot longer than it should.” That is as it should be, according to Professor Michael Kennedy, International Affairs Manager at Western Sydney University. “What we have to bear in mind is the professionalisation process is not something that takes place overnight,” says Kennedy. Indeed, the process is so slow that many in the industry will not live to see it eventuate. A major impediment, he says, is the nature of academics, who like to portray themselves as anti-establishment, but who are in fact anti-authority. Moreover, security and policing studies are dominated by the likes of critical criminologists “totally absorbed in gender studies”. “They have little regard for working class people who become mobile,” says Kennedy. “In the university sector, the snobbery is beyond belief.” Many of them have gone from private school to university and into PhD studies and believe they can teach without any police or security experience. “Applied learning is about teaching people about putting theory into practice and they have not got the capacity to do that, because they do not know what the practice is.” Scratch the surface of any academic, however, and you will find they believe TAFE is where people train for jobs and university is not the place for applied learning – that happens after graduation. All well and good in theory, but students – and importantly their parents – are looking for a return on between $15,000 and $25,000 a year in fees. That means getting a job at the end of their studies, especially since a degree is more or less the modern-day equivalent of a Higher School Certificate (that is, a minimum entry requirement) – in some areas of government, a double degree is a must. That said, security is widely acknowledged as a poor payer, especially at entry level, which may be why security studies is often seen as an optional extra at best. Australian National University (ANU), for example, lists 37 courses under security, but these are 37 different degrees ranging from a Bachelor of Archaeological Practice to a Bachelor of Art

History and Curatorship that have a Bachelor of International Security Studies added as the second string to double degree courses. Adding security studies to their curriculum, says ANU, will make students “well placed for positions in a wide range of public and private sector organisations, including roles as policy advisers, planning and research officers for state/federal government, market and social researchers, personnel officers and human resource management”. Not, apparently, as security managers, consultants or agency security advisers. Even specific security degrees barely mention security as a career option. For example, the blurb for Griffith University’s Bachelor of Arts majoring in Security Studies says it will equip students for “a wide range of careers”, with security organisations buried between “international relations” and “anti-terror organisations; defence; politics; non-government organisations; energy sector; environmental protection; human rights lobbyist; crisis communications professional; government”. Little wonder, then, that attracting new security students in Australia is such a hard slog, with most of the real growth coming from overseas students in regions where security is a high priority and/or where government grants are available for retiring military, police or government officials.

“Applied learning is about teaching people about putting theory into practice and they [academics] have not got the capacity to do that, because they do not know what the practice is.”

From the point of view of academia, even if applied learning cannot be countenanced, the industry needs people who can think about security in a modern context.

So why bother with a security degree? From a student point of view, as the blogger mentioned earlier pointed out, a security degree provided him with critical thinking skills and knowledge that provides him with employment mobility. He can switch from, for example, aviation to the financial sector almost at will and, more importantly to him, almost anywhere in the world. Not only that, it is a growth sector and one with increasingly complex challenges. He may never be that highly paid, he says, but he is unlikely ever to be unemployed. A nuanced but nonetheless persuasive argument that is likely to work just as well on any other parent as it did on his. Remember, too, that today’s graduates are the first generation to have grown up with their earliest memories involving planes flying into buildings, terrified parents not knowing what to do, and not being able to watch cartoons that week. As such, their attitude to security is different. Which means, from the point of view of academia, even if applied learning cannot be countenanced, the industry needs people who can think about security in a modern context, not least of which because so many rights are being eroded in the name of national security. If student numbers and funding are a concern, think global, since the employment mobility the blogger enjoys also translates into market mobility.

Security may still be a basement office role, tucked away behind the scenes and a long way from being seen as a business enabler, except by industry insiders. It may be further still from being a routine C Suite matter; knowing about a risk does not necessarily mean acting on it. But from the business person’s viewpoint, it is still an integral part of society and business and one that has continued to grow, if only in size rather than stature. For security to grow in stature and to improve its reputation, the industry will need to start charting its own course on the road to professionalisation, the end of which may not be seen by many in the industry. Fusing academia and business needs is possible – as proven through the CASS experience – through offering a mixture of short courses, graduate studies, internships and research opportunities focused on security. Vehicles for greater industry and university collaboration, however, will be needed. For example, one suggestion is the creation of a network along the lines of the US National Security Higher Education Advisory Board (NSHEAB). Created by the Federal Bureau of Investigation (FBI), its purpose is fostering outreach and promoting understanding between higher education and the FBI, as well as facilitating communication between universities and federal authorities on “national priorities pertaining to terrorism, counterintelligence and homeland security”. Such a network could focus on providing education and knowledge sharing; combining intellectual underpinnings to applied learning. Importantly, it could also examine how to speed up delivery of important information, while facilitating long-term research capabilities. For any of this to happen, of course, the current crop of industry leaders, academics and policy makers will need to start thinking less about their personal future and more about their legacy. Until then, security will remain a matter of opinion bandied about over coffee or in dinner conversations, rather than an art than can be taught, far less a science. Rod Cowan is a Contributing Editor to Security Solutions Magazine. He can be contacted via email mail@rodcowan.net

SECURITY SOLUTIONS 075

LOSS PREVENTION

076

Progress or

Regress? Retail Loss Prevention – The Last Fifteen Years By Darren Egan I have been employed in the retail loss prevention industry since the turn of the century. When put in that context, it sounds like an inordinately long time! Nonetheless, over the last 15 years, the role of retail loss prevention has progressed further than the timespan itself, or so it seems. What is Retail Loss Prevention? Retail loss prevention is the mitigation of internal and external business loss through the implementation and management of policy and procedure. Retail loss prevention is maintaining a safe working environment for company staff and customers. Part investigator, part analyst and part high-end communicator, the modern-day loss prevention practitioner’s skill set must be adaptive to suit the particular needs of the retail business, as well as the size and scope of the role. On any given day, loss prevention may find itself faced with a variety of challenges, some of which might include a store break-in; an internal staff investigation; setting up a new store’s security system; or a requirement to prepare and deliver a short, sharp PowerPoint

presentation. Beyond that, there is the plethora of general loss prevention related queries, tasks and appointments required to maintain crucial momentum and ultimately make loss prevention a success. In short, a loss prevention practitioner never knows what he or she will be confronted with on any given day. This makes the role of loss prevention not only challenging, but also exciting, rewarding and extremely fulfilling. What has Changed over the Last 15 Years? To answer that, it is necessary to take a brief step into the past. Fifteen years ago, I moved into a new, albeit temporary career in retail loss prevention (or so I thought at the time!). As a uniformed loss prevention officer (LPO), I worked for a nationally recognised Australian big box retailer in a multi-level department store located inside a suburban shopping centre. Initially, I slotted into a large security team of uniformed LPOs whose duties revolved around closing and opening the store in between deterring shoplifters from stealing company merchandise. Back then, there appeared to be an underlying pressure from store management to reduce the loss prevention

team’s budgeted hours – a feeling I received from the occasional grumblings of the then LP team leader. Three years later, as the newly appointed loss prevention team leader and operating under a much leaner loss prevention budget, I was summoned to the operations manager’s office. A keen cost-cutting administrator, the operations manager informed me that the store’s shrinkage/ wastage had fallen by some 20 percent during the past financial year. After complimenting the loss prevention team for playing their part in the result, the operations manager delivered a devastating bombshell: in line with the 20 percent shrinkage reduction, the store intended to cut the loss prevention team’s rostered hours by a similar 20 percent margin. I left the office feeling gutted, mostly because I was now faced with the unenviable task of informing my loss prevention colleagues that, as a consequence of all their good work, they would be forced to take a cut in time and pay. This example, or ‘negative reward’, was typical of the time and provides an important insight into where loss prevention sat on the retail pyramid. Although on the surface the actions of

077

LOSS PREVENTION

the operations manager appear unduly harsh, on reflection, and taking into consideration the limited scope and accountability of the loss prevention function at the time, the decision made sound economic sense from a store operating perspective. Looking back, above all else, the experience provided one valuable lesson: the higher the direct reporting line, the greater the opportunity to influence and effect change. Fast-forward six years and I am lining up with yet another iconic national big box retailer, this time in a different state. I am now the store loss prevention manager, in charge of an even larger loss prevention team. In years gone by, the store had faced significant challenges, only to ultimately fall short in its shrinkage/wastage targets. It took only a short while to realise that, in order to achieve any kind of shrinkage reduction, the store would have to go back to basics with its loss prevention program. Good loss prevention techniques and strategies, if communicated effectively, will work successfully in every retail business, large or small, across all states and regions. Meanwhile, back at store level, one of the immediate challenges involved a severe lack of communication between the existing loss prevention team and the senior sales management team. This was well demonstrated by the sales teamâ&#x20AC;&#x2122;s willingness to throw away additional money and resources in order to make inroads into the storeâ&#x20AC;&#x2122;s massive shrinkage bill. The extra resources (in the form of security and staff) were being committed without necessarily engaging or seeking the input of loss prevention. In real terms, it appeared that a major disconnect had developed between the sales and loss prevention teams. Having LPOs who are well informed by staff, and staff who are equally well advised by LPOs, should form the base camp of any loss prevention/risk management role. Fortunately, the ending had a positive outcome. Upon the implementation of tried and proven loss prevention strategies and initiatives, within a relatively short space of time the store easily achieved its shrinkage provision. Equally as significant, the relationship between sales and loss prevention improved considerably.

078

Retail loss prevention is the mitigation of internal and external business loss through the implementation and management of policy and procedure.

Nothing sways the hearts and minds of senior management more than results. Finding easy wins at the beginning of any loss prevention campaign (in the form of bottom line savings) will not only gain the loss prevention practitioner credibility, but also much needed buy-in. This becomes critical when the time comes to tackle the more complex loss prevention issues besetting the retail business. By now, the reader may have picked up on a common thread through the aforementioned examples; namely, the tenuous relationship shared by sales and loss prevention. Building a positive relationship between sales and loss prevention often proves as challenging as any loss prevention task. The two parties often end up on opposing sides of the loss prevention equation, mostly through miscommunication, with shrinkage emerging the loser as a result. Thankfully, things are finally changing for the better. This can be boiled down to one incontrovertible fact: shrinkage, or wastage, occurs across ALL levels of a retail business. Potentially, this means that the amount of deliverable bottom line savings is almost limitless.

Where is Retail Loss Prevention Going? How Far can the Function Rise? The answer is: all the way to the top! In the past three to five years, a raft of global retailers has landed heavily on Australian shores. With the number of foreign retailers only expected to increase, Australian retailers have been forced to lift their game on every level in order to keep pace with their rival global megastars. Coinciding with this retail renaissance, the loss prevention function has evolved faster than at any time during the past 15 years. An important aspect of the current shift in the Australian retail landscape is the way in which the internationals have exposed local retailâ&#x20AC;&#x2122;s past failings. One major learning has been the utilisation of existing assets (staff for example) over employing additional resources to get the job done. Why, for instance, would a retail company pay extra for security guards when, provided some specialist loss prevention coaching, staff will perform the same job? Why create an extra department (for example store facilities) when the risk/loss prevention function is eminently suited to handling the overflow, including sourcing the contractor company and negotiating the terms and conditions of the contract? Indeed, it would appear that terms such as expertise, innovation, inclusivity and versatility have become the new buzzwords in a historically bland and uninspiring loss prevention vernacular. Even more promising, not only are the global retailers continuing to change the face of Australian retail, they are opening up their vaults of knowledge in the form of job opportunities for home-grown Australian talent. This core of internationally trained loss prevention/risk management practitioners now represent the cutting edge of loss prevention, assuring the continued rise of retail loss prevention within a thriving Australian retail market for many years to come. Darren Egan is the Loss Prevention and Audit Manager for the Star Retail Group.

MULTIPLE CAPABILITIES SUPERIOR SOLUTION

Volvo Group Governmental Sales Oceania

IN HOSTILE ENVIRONMENTS, ITâ&#x20AC;&#x2122;S IMPORTANT THE SYSTEMS THAT YOU DEPEND ON CAN

STAND THE TEST OF TIME.

At Volvo Group Governmental Sales Oceania, our core business is the manufacturing, delivery and the support of an unparalleled range of military and security vehicle platforms; a range of platforms that are backed by an experienced, reliable and global network with over one hundred years of experience

superior solutions, providing exceptional protected mobility SECURITY SOLUTIONS 079 www.governmentalsalesoceania.com

FEATURE ARTICLE

080 SECURITY SOLUTIONS

Breaking The Glass Ceiling:

Identifying Where The Corporate Security Function Fits Within The Corporate Organisation

SECURITY SOLUTIONS 081

FEATURE ARTICLE

By Codee Ludbey, Dave Brooks and Michael Coole Corporate security is the business function that provides for the protection of people, information and assets to support the self-protection of an organisation. Accordingly, corporate security enables the executive team to exercise control and governance across the organisation in the face of security threats. Such protection encompasses the implementation of security risk management, physical, technical and procedural controls, along with other security practices throughout the organisation. Nevertheless, the corporate security function remains poorly understood within organisations, both by the organisational structure and security practitioners themselves. Considering the growth of the corporate security industry in Australia and worldwide, it is unsurprising that ambiguity and misinterpretations of the actual roles and responsibilities of the function abound. Such ambiguities are most clearly seen when considering industry job titles such as the oft-prescribed but sometimes undeserved title of Director of Corporate Security. In reality, such roles often encompass more operationally focused guard force supervising and administering as opposed to navigating the intricacies associated with strategic management for the long-term in the face of wide-ranging threat scenarios with cascading consequences. The application of corporate security is generally considered a managerial practice, with security operations overseen by middle management. Consequently, effective security managers view their work as contributing to overall business objectives. Thus, modern corporate security is focused on protecting and, where possible, enhancing business operations to ensure resilience in the face of security threats. Interestingly, this view of the corporate security function is not as new as one would think. In 1916, management theorist Henri Fayol identified corporate security as a core organisational activity, contributing to broader business objectives. Fayol identified corporate security as a significant and distinct business function, with capability at every level of an organisation outside of the executive team.

082 SECURITY SOLUTIONS

Modern corporate security is focused on protecting and, where possible, enhancing business operations to ensure resilience in the face of security threats. Further theories on the structure of organisations have developed over time. For example, Elliot Jaques identified seven separate strata of work in an organisation, spanning from the front line worker through to the CEO (see Figure 1). Jaques found that each level of work becomes more complex and requires longer term planning than the level below it, with the upper echelons of an organisation operating on decisions up to and beyond 20 years into the future. Such insight provides a basis for understanding the scope of the corporate security function within organisations. Based on this understanding, recent research by the authors has identified corporate security as operating in the lower half of organisations, fulfilling a tactical and operational role in business operations, rather than predicting and making decisions spanning beyond five years.

Figure 1: Corporate Security in the Corporate Organisation

At first glance, many security practitioners, including ourselves initially, would dispute this claim, arguing security should operate at the executive level of an organisation, providing strategic security advice and shaping long-term decisions in the boardroom. This view is often espoused in industry magazines, corporate security management texts and academic journals, where security is further argued to be under-appreciated and misunderstood by the broader organisational team. However, in reality, this executive level position may not be the ideal positioning for the security function for numerous reasons. Firstly, it is generally accepted that the higher in the corporate ladder a person moves, the broader the responsibility he or she has. Such responsibility shifts from very specific, direct tasks such as patrolling a perimeter fence or manning a security desk at more entry level positions, through to much more general tasks such as preparing budgets for the next fiscal year or managing multiple five-year projects at a more senior level. Consequently, the more senior the position within an organisation, the more general the skills used in achieving work outcomes become. For example, an executive team member is not just responsible for one department, but for many and will therefore be the central decision maker. Consequently, security-only focused practitioners may not be suitable for the high-level generalist managerial environment of the boardroom, especially if their realm of responsibility remains with the specific application of security within the organisation. In contrast, executives who have progressed from the more traditional managerial domains, such as accounting or sales, shed their specialist knowledge upon progression into the

higher reaches of the organisations, delegating domain discipline specialist tasks and embracing generalist and conceptual work practices. A second argument against the executive operation of security practitioners is that the authors’ findings support that the majority of corporate security work operates within a relatively short time span. Operational security work, such as supervising guard staff, is generally conducted within a planning time span of one day to one year, whereas tactical work such as physical protection system design and implementation or guard force contracting is generally conducted between one and five years. In contrast, long-term strategic planning tends to operate beyond the five-year mark, with some executive teams operating with time spans extending up to and exceeding the 20 years. Furthermore, it can be argued that any salient threats facing an organisation can be mitigated through a planning time span of five years, with risk assessment, planning and control implementation processes being achieved without a need for longer term considerations. There are of course exceptions to this rule; however, the majority of security works are conducted well within this five-year frame. Consequently, the available evidence indicates that the practice of corporate security should not be operated in the upper echelons of an organisation, simply due to the speed at which actions need to be taken and projects implemented in the security environment to meet business objectives. Thirdly, consideration must be given to the primary purpose of corporate security. As discussed, corporate security provides for the self-protection of the organisation; however, it also ensures that business functions and operations continue in the face of malicious human interaction. Corporate security does not use strategic planning to directly raise revenue or directly increase efficiencies in operations, leading many across the organisation to view corporate security as merely an enabling cost centre. Nevertheless, as identified by Fayol, corporate security does provide those vital services that allow the corporation to interact with the broader external risk environment, ensuring

the business can expand, grow and explore new opportunities without being exposed to undue risks. Significantly, the authors’ research supports that these services shift security operations away from the traditional view, where corporate security is considered a support function of similar value as facility managers, towards a more accurate depiction where corporate security operates alongside technical functions such as IT or accounting services, directly impacting business operations. Thus, corporate security at its highest operating level should be operating at the middle level of an organisation, with direct oversight from upper management. Ideally, the corporate security function would have a direct line to the board, and would be frequently informing the executive team of the current threats and risks facing the organisation as it pursues business objectives. Whilst it is suggested that corporate security should not operate at the executive level, it is necessary for this function to continuously inform, advise and support the executive in its decisions where there is security relevance. The role of the corporate security function is to support business operations and this is achieved through inter-organisational communication. Consequently, corporate security practitioners wishing to progress beyond middle management and move into the executive team should consider the true nature of work at the higher levels of an organisation. Practitioners should be seeking a broader management education, potentially at a master’s level, braced with experience outside of the security discipline. To demonstrate the ability to operate at the executive level, indicating capacity to manage and lead in an area outside of security will carry significant weight, as well as provide invaluable lessons in the general nature of management. The perceived glass ceiling of the corporate security domain can only be broken by stepping outside the (security) square and leaving the specialist application of security behind – carrying all the concepts, lessons and knowledge from this domain forward to other practice areas in the business and thus embedding a security culture throughout the organisation.

Whilst it is suggested that corporate security should not operate at the executive level, it is necessary for this function to continuously inform, advise and support the executive in its decisions where there is security relevance.

SECURITY SOLUTIONS 083

AVIATION ALARMSSECURITY

Aviation Security – The New Norm

084 SECURITY SOLUTIONS

By Steve Lawson On the 30th of December 2015, a family was departing an airport in North Carolina. The 10-year-old daughter was called aside for a frisk search. The father was outraged at the “aggressive” pat down and “groping” by the Transport Security Administration (TSA) agent. The father filmed the pat down and put it on YouTube. For the next week or so he gave a number of interviews condemning the TSA and asking why it was necessary to check a 10-year-old so thoroughly. So, is this the new norm? It may be useful to look at why these procedures were introduced. Australia’s first ‘security incident’ was arguably on Qantas’ first overseas flight in 1935. Major Phillips of the Coldstream Guards and Lady Mountbatten had travelled by schooner from Tahiti to Sydney. They were returning to Europe from Australia and the first leg was by air to Singapore on Qantas. Major Phillips boarded the aircraft in Brisbane to be joined in Charleville by Lady Mountbatten. Major Phillips attempted to conceal his identity by travelling under the name of Wilson. The ticket agents asked Qantas’ Hudson Fysh for guidance. Hudson Fysh was apparently less than amused and replied, “We are sure you will realise with us the many unsatisfactory features connected with the booking of Lady Mountbatten and Major Phillips, alias Wilson. It is quite understood that this class of passenger will be in many instances very difficult to deal with and wish to alter their minds quite a bit. We would point out, however, that we cannot book passengers under assumed names.” As a security incident at the time and for some time after it was pretty minor, although today trying to fly under a false name would be considered much more serious.

Aviation Security Really Starts I can remember going to Adelaide Airport in the late 1960s to meet someone off an Ansett B727 and we were allowed through the gate to greet them; safety kept us away from the aircraft, certainly not security. However, things changed soon after that. The late 1960s and 70s saw a wave of attacks on aviation around the world. Terrorists learned how attractive aviation was as a target and one of the first forms of attack was hijacking. There were two major responses. The first was to make it more difficult to get a weapon on board an aircraft with the introduction of passenger screening. It was initially conducted on a ‘risk’ basis but, as with all processes, as one target becomes more difficult, the terrorist moves to another and, with time, passenger screening became the norm rather than the exception. The second was the creation of the air marshal concept. Air marshals really only have an anti-hijacking function. Today, more than 10 countries operate air marshal like units. The 1970s also saw the start of attacks against airports, notably Ben Gurion, Rome and Vienna. Probably the most visible innovation to counter those attacks was the introduction of armed police to airports, not simply as a patrol function, but as a counterterrorist response. 1980s and 90s The 1980s and 1990s are when aviation security as it is known today formed into a global practice. Readers may remember being asked questions at check-in like, “Is this your bag?” Those were introduced to counter the dupe passenger. In 1986, Jordanian Nizar Hindawi tried to send his pregnant Irish girlfriend, Ann Murphy, from London’s Heathrow Airport to

Israel with an improvised explosive device (IED) hidden in her suitcase. She had no idea about the device or that she was about to die. Then in 1988 an IED destroyed Pan Am Flight 103 over Lockerbie, Scotland, killing all 270 people. The bomb was concealed in a radio cassette player in a checked bag. I joined Australian Airlines Security not long after that incident. Until 11 September 2001, together with Air India Flight 182, it was the touchstone for aviation security. Why was Pan Am 103 so important? The mistakes made were on so many levels and on their own would be another article. Some of the things about aviation security that Lockerbie highlighted include: • intelligence was ignored or at least not well distributed • Pan Am did not treat security seriously or professionally o supposedly, they had untrained dogs acting as sniffer dogs o they handled the media poorly o emergency planning was poor • the IED was in a bag that did not have a passenger on the aircraft • airside security in Malta was compromised, supposedly by a trusted insider • transfer baggage was not screened. As a consequence of the Lockerbie bombing: • Pan Am, already financially fragile, went out of business soon after • intelligence was more frequently shared with those organisations that had a need to know • airlines realised that good aviation security was not simply a regulatory and duty of care issue – it was important to the business and there was a fiscal component that could include the loss of the company

SECURITY SOLUTIONS 085

AVIATION ALARMSSECURITY

Terrorists learned how attractive aviation was as a target and one of the first forms of attack was hijacking.

o interestingly, in many cases good security also brought cost- effective measures with it • security, which until then had been part of an airline’s safety regime, moved to its own discipline • the industry and government realised that security processes should be practical and adhered to • government realised that it had a role in aviation security and regulators needed an intimate knowledge of aviation security and the impact of policy • passenger baggage reconciliation became one of the bedrocks of aviation security – a bag does not fly unless the passenger is on the same aircraft • the process of X-raying checked baggage started to become the norm • it was recognised that security processes should be flexible to meet the threat • the trusted insider became a factor • it was recognised that technology as an aviation security tool was the way of the future. By the end of the 1980s, everything that is now understood as aviation security was pretty much in place and the 1990s were, thankfully, relatively quiet. Yes, some things did happen, but they did not impact the basic model. There was a focus on the trusted insider, which continues today. The 21st Century In September 2001, I was back in Adelaide for a possible strike and at my brother’s house laughing and having a beer when I asked him to move out of the way because he was blocking my view of the TV. My exact statement was, “Move over, I think an aircraft just flew into that building.” A couple of days later, I was in New York managing the on-site response to the September 11 attacks.

086 SECURITY SOLUTIONS

It is impossible to underestimate the effect of September 11 on aviation security. It did not change the basics, but it did change the focus. It seems hard to realise now, but the hijackers took nothing onto any of the aircraft that was illegal. Knives with a blade length up to 100mm were allowed on an aircraft; box cutters were certainly allowed. No one had used an aircraft as a weapon or a bargaining tool until that time, nor have they since. Consequently, crew training was based on experience with hijackers – obey the hijacker, do not be aggressive and people should survive the incident. Some changes that occurred as a consequence of September 11 (note that this list only includes the basic changes; the full list would again be an article on its own): • crew training changed • cockpit doors were locked and made resistant • sharps were banned from the aircraft • no-fly lists were introduced • passenger screening and checked baggage screening were tightened • sky marshals were expanded • air cargo screening was introduced and air cargo tightened up. Soon after September 11, terrorist Richard Reid attempted to ignite explosive devices hidden in his shoes on a flight from Paris to Miami. Consequently, security now look at shoes more closely and, in some places, require their removal for X-raying. In 2006, British officials foiled a plot to blow up aircraft flying from the UK to the US with liquid explosives hidden in carry-on bags. Consequently, passengers cannot take liquids, aerosols and gels onto an international flight. In 2009, Umar Faruk Abdulmutallab attempted to detonate an explosive device concealed in his underwear on board Northwest flight 253. Body scanners are now used.

Is the current aviation security the new norm? Yes. There will be modifications and maybe more procedures introduced. Security will probably become more efficient; it may even get Total Recall’s X-ray tunnel, but current measures are the basic model. I am sorry that a 10-year-old was frisked and did not like it but, to be brutally honest, as she grows up she will need to get used to it or travel by road.

Is the current aviation security the new norm? Yes. There will be modifications and maybe more procedures introduced... but current measures are the basic model. Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on 0404 685 103 or slawson@avsecconsulting.com

Distributed IP Access Control: • User Management • Access Control • Door Management

Advanced Access Control: • Zone Management • Device Management • Template Management

Time and Aendance Features

• Monitor Aendance • Hours Worked Calculaon • Holiday, Leave & Shi miPass Access offer i ff key features that allow users to extend the system beyond convenonal access control systems. miPASS Access is BQT’s Biometric access control system based on IP connecvity and biometric security. BIO X/XK devices work not only as a reader for mulple types of credenals, but also as an intelligent controller removing the need for a tradional controller. miPass Access includes features that allow adminstrators to define me, shis, daily schedules and holidays. miPASS Access can administer employees to comply with “On Site” and “Off Site” procedures, restrict access to off-duty employess and generate aendance reports. miPASS Access Time and Aendance features also give admininistrators the ability to generate a variety of reports. Contact our distributors for further informaon or a demonstraon SECURITY SOLUTIONS 087

088

Access Through The Ages By Jonathan Johnson

As long as there has been a requirement of securing assets and facilities, there has been a need to provide a way through these same security measures. Whether it is a door in a stone wall or a multi-credential biometric, token and knowledge-based system granting access to a nuclear or high-security research facility, the principle is common. Access control systems in their simplest context go back to the days of lock and key, with the goal of providing a method of enabling the right people through the given security measures and systems into a secure area or to provide access to a sensitive asset. Humble Beginnings As technology progressed, there was an obvious need to provide similar access through the security layers, except without the same pains of lost keys, time consuming and expensive updating of authorised people and re-keying locks, along with the ability to record the actions and events surrounding the granting of access into the area. The 1960s saw the introduction of the early iterations of electronic access control as it is known today, or at least the first step on the path towards it. These were initially as simple as the humble numeric keypad, which then moved onto barcodes and early magnetic stripe (or magstripe) cards, Wiegand type cards and ‘insertion keys’ (most commonly referred to as the old ‘Milkey’). The Wiegand type offered a higher perceived security measure since it required much more effort to copy the token credential than the magstripe, which is essentially nothing more than an easily replicable length of magnetic tape heat bonded to a plastic card. The Beginning of a Revolution It was in the late 1970s that the invention of the first proximity tag technology changed the path of, and even gave birth to, many industries – the access control industry perhaps being the earliest. Early systems operated in low frequency radio frequencies and the tag operated as both a receiver of power ‘transmitted’ by the tag reader and also as a transmitter, broadcasting its embedded binary data to the receiving circuit in the card reader, which then passed the data to the access control processor to either grant or deny access based upon the rules for that specific user. Since this early generation, there have been many changes and advances to the technology – much higher frequencies are now used to allow for a much larger and subsequently more secure

credential base; the use of smart card chips allows some on-card processing; and the use of encryption and challenge response protocols to secure the credential data, whereby the ‘conversation’ between the reader and the credential must follow a set of rules involving ‘questions’ and ‘answers’ to verify the reader is the real reader and the card is the correct card and not a fraudulent copy. From humble beginnings, the technology has grown explosively, with the payment card industry more recently being profoundly changed with the large-scale deployment of contactless payment systems and the growing ubiquity of near field communication (NFC), a bidirectional, peer-to-peer subset of RFID, which is a hot growth industry both for cards and in the smartphone market. The Human Aspect As technology has advanced, either through the organic evolutionary growth all technology experiences or through changes driven by military or medical advances, there is now a significant acceleration of biometric credential based systems. Vast increases in low-power processing enables ever increasing speeds and accuracy of biometric systems, with current video resolutions enabling the capacity to use surveillance feeds to leverage facial capture systems. Today, biometric access control technology is even an integral part of many smartphones, enabling more readily available secure access to mobile services and sensitive data. The Rhythm of Change Behind every front-end credential reader there must also be a means of decision making and control – an access control processor or controller. Early systems that were often done on a one-to-one basis with no intercommunications were quickly adapted to support early network technologies in order to facilitate more central updating and programming of credentials and the central logging, often on printed copy of the event logs. Moving forward, many systems went to a more centralised approach by integrating two, four or even eight readers on a single controller in order to leverage the cost savings of applying a single processor to handle multiple entries. With embedded processors being quite expensive, this enabled the penetration

SECURITY SOLUTIONS 089

of electronic access control into significantly more markets by making these systems more economically accessible. As technology has progressed, there have been various swings back and forth between the one-to-one and the centralised approach to processing, with each technology offering benefits and with the economies of these changing in rhythm with technology advancements and the associated cost savings. Yet, for many decades, the prevalence of largely legacy communications restricted many systems to historic system architecture and design methodologies. Moore’s More Readers may be familiar with Moore’s Law; it has remained a fairly stable and consistent indicator of predictable advancement of processing power in personal computers over the past 50 years. It may be beginning to wane today, but this advancement has also spilled over into the embedded technology market, to the point where embedded processors can now be used in cluster and cloud processing configurations to provide the vast processing capabilities of the ‘Big Iron’ server hardware, but with vastly superior power consumption and a more linear cost scale. Over the course of the last decade, and moving into today’s market, there has been a significant acceleration in the development of the processing power and the reduction in cost and size of embedded microcontrollers and microprocessors. This has enabled astute security technology vendors to shift many functions to the edge that would have previously been done on a central controller working as the heavy lifter. This movement, through economies of scale, has enabled more and more functionality and intelligence to be placed at the point of need rather than where the economics of the system would have previously dictated. Combining this with the abundance of both wired and wireless networked devices in industries like the machine to machine space has helped drive the cost of higher level communications technology down, allowing much greater freedom to share resources and improve the speed at which things like biometric verification can be performed and has enabled the addition of other value-added services. Byte’s Bigger than Users can Chew With all the advancements in functionality

090

provided by the technology, communications and distributed processing, it needs to be asked, what happens when it all goes wrong? This question is becoming more and more important as an ever greater number of systems are connecting and forming networks, sharing resources and controlling the world, and it is one a number of vendors are addressing at various levels. Cybersecurity of access control, security and surveillance systems is of growing importance; yet the fact it is still outside the scope of skills of many, if not most, security architects and integrators is an important aspect to consider and plan around. It forms part of a wellplanned resilient system design, with today’s access technologies offering various degrees of redundancy at deliverable costs never seen in the ‘golden olden’ days the industry grew from. Today’s security systems rely not only on their own systems being secure, but also upon the framework or infrastructure they all rely upon to be secure; they are inherently reliant upon solid network design and cybersecurity analysis that, fortunately, technology is catching up to, addressing the threat created ironically by the advancements that have been made. From Pie in the Sky to the Future Built in the Clouds? For a number of years, there were articles and promises of the cloud and cloud services that were going to take over security and all backend software management functions. For a long time, these were just that; promises of things to come. Perhaps finally the market is maturing, with access control solutions able to offer not just remote management, but everything down to issuing cards and printed IDs as a service. Access databases are replaceable on the fly after catastrophic equipment failure to achieve enterprise functionality at tiny remote branch offices without investing in a separate platform for each site. They readily access event footage of access control events for entire multinational organisations. All of this and more can be achieved from anywhere in the world where an internet connection can be accessed. Adding the IT services access control integration now available in the market and the capacity to track resources, dynamically allocate additional computing resources and modify energy management policies based around market costs, enables appropriate staffing levels at each location and

the technology resources those specific staff require to be determined, all using today’s cloud-based solutions. Tomorrow’s Promise The last decade has seen progress from the basic proximity cards and simple keypads for code entry to the complexity and versatility of credentials described in this article. Today’s access control space is full of both established players attempting to retain a hold on their client base through proprietary systems lockin, with highly limited channels to market and also a growing number of highly agile vendors embracing the much more user- and futurefriendly philosophy of open architecture systems and who embrace the technology advancements of other sectors. The open architecture systems provide a more flexible and, to the client’s benefit, a more competitive market space, enabling a best-of-breed philosophy in architecture. One of the strongest growth areas involving access control in the last several years has been the broader adoption of physical security integration management (PSIM) platforms, allowing a much broader integration base from which system integrators and clients can draw capabilities from, tying the access control platforms into a more cohesive, holistic picture. Through this broader resource base, providers can achieve increased value from the reluctant investment in physical security systems. Integration with building management and facility management systems offers further opportunity to capitalise on this cross-platform philosophy, extending and multiplying the returns for business by leveraging off manpower and maintenance services, each worker equalling greater benefit to the organisation and the potential for greater savings. The greater value hidden within the various security investments is often driven primarily through the access control and surveillance systems, making the ‘playing well with others’ aspect of open architecture systems all the more critical and allowing consultants and designers much greater scope to deliver the greater value demanded in today’s sophisticated security market. It is this freedom that has taken and will take security further into tomorrow, creating a future for security businesses not just to tick the boxes of supplying an access solution, but to offer ever growing value to clients and the technology sector as a whole.

SEE US AT TOTAL FACILITIES EXHIBITION

April 6-7, 2016 STAND B19

high speed doors for improving security and access control Carparks Prisons Warehouses Emergency Stns Courthouses Defence Airports Casinos

DMF International Pty Ltd

Email sales@dmf.com.au www.dmf.com.au

ph 1800 281170

Exclusive Australian licensed agent

SECURITY SOLUTIONS 091

PROFESSIONAL DEVELOPMENT

092 SECURITY SOLUTIONS

The Growth Of The Security Profession By Don Williams Congratulations to Security Solutions Magazine on the 100th issue. Security Solutions and its previous incarnation, Security Oz, have been stalwart supporters of the drive to define, create and promote a security profession within Australia and New Zealand. Without their support, it is probable that the industry would not have progressed as far as it has. This article seeks to review how far the industry has come, where it is, and what more needs to be done. The security profession is recognition that protective security is a continuum of service, from the Certificate II guard who provides the vital front-end service and is the real first responder, through to the senior security executives of Australia’s and, in some cases the world’s, largest companies. Along this line of capabilities are a number of skills, qualifications and experiences matching the roles and responsibilities of guards, installers, supervisors, designers, managers, advisers, consultants and executives. The industry end, which may be taken to include guard forces, trainers, installers and supervisors, is well documented with defined training requirements, employment categories, payment regimes and licencing related to work functions. The same is not true of the professional end, where there have been no minimum educational qualifications (except for a Certificate IV for those wishing to consult on non-IT security) and no minimum requirements to belong to professional associations or to have specific security-related or general business management experience. Throughout the considerable discussions relating to the definition of a security profession, there was never a suggestion that any member of the security continuum cannot act in a professional manner; rather, the ‘professional sector’ is defined as having a minimum level of academic qualifications with a clear code of ethics and a commitment to the general well being of the community through service at a senior or managerial level. A good place from which to compare the growth of the security profession is probably the year 2000; as well as being the start of the new

millennium, it also marked a change in the way security was perceived in Australia. By 2000, Australia had strong Commonwealth, inter–State police cooperation and counterterrorist capabilities established through the Standing Advisory Committee on Protection Against Violence (SACPAV) and other committees, building on the lessons learnt from the terrorist incidents of the 1960s and 1970s. There were a handful of people with the Diploma in Security and Risk Management, the pilot course having been run in 1998, and a few with previous qualifications such as the Associate Diploma in Management (Security) or qualifications from overseas. There were a few Certified as Protection Professionals (CPP), but the certification and its value was largely unknown. Existing and highly regarded security professionals such as Geoff Askew, Peter Keating, David Harris and others had established themselves as important members of corporate leadership teams and were willing to mentor others. Additionally, the Sydney Olympics and Paralympics required a disciplined, structured and knowledge-based application of security that not only protected but supported all aspects of the Olympic operation. So, by 2000, there was some recognition that security was a management discipline and was not just about supervising guards. After the Sydney Olympics, there was a surge in the number of people setting themselves up as security consultants based on their experience in the Olympics. These ranged from those who had been at the highest level of security planning to those who may have been involved at venue or contractor level in some manner. The one thing that was common was that almost no one had a formal security qualification. At that stage, the most common, recognised and accepted qualification was having worn a uniform of some type or having come from the intelligence community. There was no recognition that being able to deploy and command troops, ships or war planes, or to investigate and arrest perpetrators was of little to no relevance when protecting profit

SECURITY SOLUTIONS 093

PROFESSIONAL DEVELOPMENT

and reputation. Some in this initial burst did go on to develop respected positions and become practitioners within the security profession; most fell by the wayside. The next big event was a year later with September 11, 2001 when the capability of terrorists to damage a country hit the headlines. Security went from a backwater of little to no interest to a front-line capability and profit-making centre almost overnight. Every consulting company was selling security services. The big accounting companies were suddenly world leaders in the field. Military and law enforcement officers were being snapped up, the more senior the better – regardless of their knowledge of security theory, threats from the criminal sector, the critical assets and functions of the corporate sector or their ability to communicate effectively with the C Suite occupants. Just as the dust was settling and some balance was returning, the Bali bombing happened, which brought the issue close to Australian communities and businesses. What these two events did do was highlight that there is a need for security guidance at the managerial level, and that perhaps security is a specific area of study. Looking at the type of people offering advice and the great variation in the applicability and usefulness of the advice being offered led a small group consisting of a senior security manager, long standing security consultants and an academic to ask, “Why are we not seen as professional, what is a security professional and how do we prove that one is a security professional?” The team, with the assistance of the Australian Security Research Centre and Security Solutions, hosted a forum in Melbourne in 2007 where 150 people and representatives from a wide range of professional and industry-based associations attended to discuss what defines a security professional and how they can be measured. Another forum in 2008 produced the results of a Security Professionals Interim Taskforce that had reviewed overseas systems, looked at what defined a profession and what was required of professionals. As a result of this work, the Australasian Council of Security Professionals was established to bring together the security-

094 SECURITY SOLUTIONS

specific professional and industry bodies, academic and training institutions and recognised thought leaders in the field. The establishment of the Council was strongly supported by the Australian Attorney General’s Department, which wanted to see a recognisable security profession. At all steps, New Zealand security professionals were involved to ensure the processes would be applicable across the Tasman and elsewhere. The Council raised the Registry of Security Professionals – Australasia, which drew on workshops held in all states, mainland territories and New Zealand to determine the managerial sub-disciplines and criteria for registration. The first registrations were issued in September 2012.

Security went from a backwater of little to no interest to a front-line capability and profit-making centre almost overnight. The Council and Registry were restructured, with the agreement of members, into Security Professionals Australasia in 2015. The reorganisation has streamlined the organisations and also will assist in aligning the Registry with Professions Australia, with the related benefits. Currently, there is a greater recognition by other managers that security is a management discipline with its own body of knowledge, research and literature. There are more CPP, Physical Security Professional (PSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and other internationally recognised certified practitioners operating; all of whom are required to maintain their knowledge through ongoing professional development, raising the bar for advice and making others reach for the same level. At the time of writing, Australia has 125 CPP, PSP and Payment Card Industry (PCI) certified practitioners, in addition to the IT security specific certifications. There are more qualified security professionals in both the private and government sectors. However, there are still too many cases of government and corporate

security managers having little or no formal qualifications or security-specific experience who are often filling the role of protecting the business on a part-time basis. There is still a desire by some organisations to employ ex-uniform or intelligence people as security managers – the more esoteric the uniformed role the better – despite not having security-specific qualifications. The professional end of the security continuum is still tied into the security industry licencing regimes where a Certificate IV is considered an appropriate qualification to offer senior managerial advice. The security profession needs to be removed from industry licencing, as per the Tasmanian legislation. The biggest problem is that there is still only one university offering undergraduate degrees in (protective) security. There are others with degrees in international security, terrorist studies, policing and intelligence. The industry needs tertiary institutes to offer degrees that enable school leavers to enter security as a managerial profession. A degree in Business Management (Security) would be a good start. There is a security profession and professional practitioners. If a practitioner wants to be recognised as such, they can act professionally, attain formal qualifications and certifications and, if they wish, registration. If a client wants in-house or external security advice, they should apply the same criteria as they would for any other managerial adviser: qualifications, relevant experience, membership of relevant professional associations and applicable insurances. The industry has come a long way in developing an identifiable security profession in Australia and New Zealand, but there is still a way to go until it can rest, if ever.

Don Williams CPP RSecP is a member of ASIS International, the Institute of Explosives Engineers, the International Association of Bomb Technicians and Investigators and the International Association of Protective Structures. In 2013, he was awarded the Australian Security Medal for services to the security profession. He works with the Security Professionals Registry Australasia. Don can be contacted via email: donwilliams@dswconsulting.com.au

SECURITY SOLUTIONS 095

FEATURE ARTICLE

096 SECURITY SOLUTIONS

ychology The Psychology e Ps Th d Off Se Security And curity An O Safety Of Safety Perception Perception Of By Rachell DeLuca The past decade has seen a dramatic shift to the security landscape in that security concepts and strategies, once only the domain of professionals, are now ordinary topics of conversation in both businesses and households alike. It seems these days that everyone has an opinion on everything, from local crime rates, spam protection and online privacy to national security and counterterrorism. This consumerisation of security and its subsequent accessibility to everyday users is partly due to advancements in online services such as banking, social media and the prevalence of personal computing and home networks. These advances have generated a need for everyday users to understand risks pertaining to privacy, identity theft, hacking, access control and overall protection of their data; concepts which readily translate into the physical protection space. Coupled with worldwide terrorism activity and an overall increase in media reporting of security-related matters over the past 15 years, this has resulted in a more security conscious society of educated end-users in both the information and physical security environments. With this increased education and understanding, however, comes criticism and evaluation of the visible protection mechanisms utilised in environments where physical security and personal safety are at a premium and are, in fact, demanded by users. Terrorism activity in public places of mass gathering such

as stadiums, public transportation, airports, entertainment venues, hotels, restaurants, marketplaces and just about every other possible type of venue has generated fear and unease within the community. The need for venue owners, managers and governments to address this fear and secure their sites has intensified; however, the most effective methods of achieving this may not be visible to the average user, and therefore will have no impact whatsoever on the perception of safety. The general public needs to feel secure and see that an increased effort is being made to provide them with this feeling. If security mechanisms cannot be seen and do not impact upon a personâ&#x20AC;&#x2122;s interaction with his environment in some way, even if inconvenient or invasive, the perception that any action has been taken to address the perceived increased level of risk will not be made and people will not feel safe. People today need to see and feel that measures are being taken to let the good guys in and keep the bad guys out. This psychology of security and the notion of keeping malicious persons, items and weapons out of places of public use is the fundamental definition of access control. Unfortunately, security measures that are highly visible but very common nowadays such as CCTV, electronic access control systems and locks, and entrance barriers do very little to placate and reassure people that any increase in security has been made. A venue may have spent many thousands of dollars upgrading

such systems to the latest, state-of-theart technologies with advanced capabilities such as analytics and facial recognition, but because these systems are so commonplace and widely accepted and expected, there will be no impact upon the perception of safety amongst the community. Average users will not know that the system they can see has been upgraded and has increased capabilities that directly impact upon their safety, but will definitely notice the absence of any visible, new security measures that are reactive to the changing risk climate. To reassure the public and provide the perception of safety, visible security countermeasures have become necessary, regardless of the actual effectiveness, if any, they provide. This concept is called security theatre, and has been written about in depth by renowned security expert Bruce Schneier, who notes that security is both a reality and a feeling. Security as a reality can be measured in a mathematical sense based upon risk probability and countermeasure effectiveness. Security as a feeling, however, cannot be measured and is subject to the differing psychological reactions of individuals to risk, perceived risk and to countermeasures. Schneier summarises this perfectly, stating, â&#x20AC;&#x153;The two things are different: you can be secure even though you do not feel secure, and you can feel secure even though you are not really secure.â&#x20AC;? The value of security theatre cannot be discarded, particularly after security incidents

SECURITY SOLUTIONS 097

FEATURE ARTICLE

such as terrorist attacks have occurred. The genuine fear and psychological uneasiness of the public that occurs now around public places of mass gathering, air travel, underground train stations, sports arenas, entertainment venues and the like is a very real issue and cannot be left untreated. Society’s perception of safety and security in day-to-day lives has been shattered and people’s innocence in such matters has been lost. This, in turn, has led to the increased security awareness of everyday citizens who now demand to be reassured that they are safe. It has been well documented that after the September 11 attacks in the US, several airports utilised National Guard troops to stand guard at security checkpoints to provide a highly visible presence to all airport users. What subsequently came to light and was widely reported upon in 2002 was that none of those officers were carrying loaded weapons and that their guns were empty. The effectiveness of their presence was purely as a visual deterrent and to reassure frightened passengers that action was being taken to prevent such an attack from happening again. Since that time, there has been an overall increase in visual presence of uniformed security personnel, baggage screening, screening of individuals, ID requirements and checks, and ‘see something, say something’ type campaigns involving everyday citizens to increase awareness and reporting of suspicious activity. Security has become highly visible and in many circumstances inconvenient or invasive, as is the case with bag screening or body scanning of every person. However effective or ineffective these visible methods are, it cannot be argued that they do not provide psychological reassurance and address some of the fears of the public. For that reason alone, countermeasures that do not contribute in any other way to the mathematical reduction of risk probability and thereby qualify only as security theatre are effective. Just as the placebo effect in medical treatment is effective and qualifies as a treatment in its own right. Security theatre is not just being performed at airports, or in response to actual incidents, but is now being used to satisfy governments, board members and event organisers that efforts have been made to reduce the occurrence of risks, which in turn impacts upon the likelihood of litigation and accusations

098 SECURITY SOLUTIONS

To reassure the public and provide the perception of safety, visible security countermeasures have become necessary, regardless of the actual effectiveness, if any, they provide. This concept is called security theatre. of negligence or complacency. Changes to access control measures at rock concerts, festivals and stadiums is a great example of how the performance of security theatre has become mainstream, with little or no evidence of providing any tangible risk mitigation. Where once the focus of security at such venues was to ensure a patron had a valid ticket and was not bringing any illegal alcohol or glass containers into the facility, the focus now is on explosives and weapons. This means longer queues, additional manpower, increased baggage searches and, in some cases, metal detection being used to screen persons entering such venues. The reality is that the likelihood of patrons bringing illegal alcohol, glass containers and nuisance items such as flares or fireworks into these venues is still higher than the likelihood of explosives and firearms. The consequences of the latter of course are much different, but despite recent attacks globally, the likelihood locally has not statistically increased. In fact, new risks may be introduced as a result of the implementation of security theatre treatments, such as health and safety concerns for elderly or young patrons standing in long queues for hours in excessive heat, or the increased risk of violence and aggression amongst patrons frustrated with the inconvenient and invasive search tactics. Just as the presence of essentially unarmed National Guard troops at US airports following the September 11 attacks provided reassurance to the public, the value of the access control countermeasures seen today is in the visual deterrence, public reassurance and reduction of liability. The operating costs of

security theatre strategies that treat perception rather than reality can be quite high; in many cases just as high as the costs of treating actual risk by upgrading existing systems with more effective technologies or implementing new countermeasures with measurable effect. As shown historically, however, the value of an effective countermeasure compared to a theatrical one is negligible if it is invisible to the average person who now demands increased security, despite not always knowing what that actually entails. The psychology of security and the perception of safety as people go about their day-to-day lives is a crucial aspect of overcoming the effect that terrorism has on the consciousness of a community. The message globally after any incident or attack is unanimously that people will not live in fear and will not change their way of life. Security theatre measures and their capacity to provide reassurance to the general public, reducing anxiety and fear during times of great uncertainty, means it is in fact a valid and valuable security strategy. The changing risk climate and the increased fear within the community that increases with every incident that occurs will ensure that psychological security treatment becomes increasingly common, and may become just as important as traditional security countermeasures in days to come.

Rachell DeLuca is a Senior Security Consultant with Arup, located in Melbourne, Australia. She has over 17 years’ experience in the security industry. Rachell can be contacted via email rachell.deluca@arup.com

EasyGate an award winning range of speedgates

DDA Compliant Secure – up to 1800mm high barriers Stylish – European design and manufacture Reliable – 24 month warranty & 3,000,000 MTBF Fast – Throughput rates of up to 60 people per minute

With 14 years’ experience delivering entrance control

solutions and 5 offices across Australia & New Zealand

Centaman is here to help you make the right entrance

T: 1300 858 840 E: sales@entrancecontrol.com.au

www.entrancecontrol.com.au

MASTER LOCKSMITHS Master Locksmith Association members are highly trained, fully qualified security professionals with access to the very latest in restricted key systems, from mechanical keys and locks to the world-leading electronic master key systems.

Find your nearest locksmith and MLA member at

THE MLA ADVANTAGE

DOMESTIC

COMMERCIAL

AUTOMOTIVE

SAFES

RESTRICTED KEY SYSTEMS

ELECTRONIC SECURITY

CCTV

SECURITY SOLUTIONS 099

FEATURE ARTICLE

Be Careful What You Measure – It May Be The Wrong Thing

100 SECURITY SOLUTIONS

By Jason Brown The second of this two-part article on metrics in the security industry discusses specific measures for each element of policy, management process and security disciplines in the areas of personnel, physical and information and technology security. Measuring Policy Processes Security contribution can be demonstrated in the development and implementation of policy. A policy model using the process map for reducing risk in the ISO 31000 is a useful tool to identify each space where a measure can be utilised to assess security engagement, process efficiency and level of service. The structure of the diagram (see next page) will be familiar to risk managers everywhere as it is derived from the ISO 31000 standard, but it is a variation to show how security policy and procedures need to be developed. Clearly, the risks to the objectives of an organisation need to be identified and managed, and approaches such as ISO 31000 need to be used. When risks have been addressed and potential controls have been identified, they need to be implemented; therefore, appropriate policies and processes need to be put in place. A variation of the original risk management process needs to be used to build this framework, which ultimately becomes the security management system for the organisation. This process also allows for high-level metrics by taking each element at a time: • measure 1 – have all relevant stakeholders been engaged in considering the issues and articulating their requirements? • measure 2 – has there been an appropriate identification, analysis and evaluation of this information? • measure 3 – have all those who have a role in responding to, accounting for or implementing controls been engaged? • measure 4 – are policies, processes, resources and controls in place to effectively manage risk? • measure 5 – are monitoring, audit, review and continuous improvement practices in place?

These macro-measures are the ones that matter to CEOs and boards; they need reassurance that these processes are working. An organisation’s strategic audit and review mechanisms need regular application. The frequency of review is needs or requirement driven, or driven by the volatility of the security operational environment. Metrics by Discipline Personnel Security For effective personnel security, the following activities need to be in place: 1. Recruitment, employment and visitor processes: • pre-employment screening (criminal and diligence checks) – have all employees and contractors with access been screened? • structured recruitment process (staff and executives) – have recruitment personnel, both in-house and contracted, been trained in their security responsibilities and did any get through the system that should not have done so? • access controls based on training, authorisation and a need to know – have all persons requiring access received it, are there any persons who have access without authorisation and have authorisations been cancelled when there is no longer a requirement? What is the number and cause of breaches? 2. Training and awareness: • security induction and awareness training o security clearance issues, changes to threat environment and security procedures – how many staff have been trained and to what standard? • professional security training (security staff development) – do security staff have the skill and competence to do their job? If not, why not? 3. Undertakings and acknowledgements: • non-disclosure/confidentiality • project and contractual • declaration of secrecy upon cessation of duties • are all agreements up to date? 4. Security clearances, briefings and

debriefings and international travel: • security clearance processing for those with an authorised need – are clearances up-to-date and all relevant briefings in place? • upon employment and departure – have all agreements, authorisations and access been reviewed and amended as required? • overseas travel – have travel security procedures been adhered to and all travel security issues resolved? Physical Security Physical security describes security measures that are designed to deny unauthorised access to facilities, equipment and resources, and to protect personnel and property from damage or harm (such as espionage, theft or terrorist attacks). Penn State University, in its policing and security faculty, suggests that the field of security engineering has identified the following elements to physical security: • obstacles, to frustrate trivial attackers and delay serious ones; to include both explosion protection and external surveillance • detection systems, such as surveillance systems, alarms, security lighting, security guard patrols or closed-circuit television cameras, to make it likely that attacks will be noticed • security response, to repel, catch or frustrate attackers when an attack is detected. In a well-designed system, these features must complement each other. There are at least four layers of physical security: • environmental design • mechanical, electronic and procedural access control • intrusion detection (with appropriate response procedures) • personnel identification (authentication). There may be many choices to consider and there is no ‘best’ solution that will satisfy a broad class of situations. Measures of the effectiveness and efficiency are directly related to their success in mitigating security risks from intruders or other unauthorised

SECURITY SOLUTIONS 101

FEATURE ARTICLE

access. Organisations need to test if they work. Investigate and report when they fail, and remediate if necessary.

The assigned compliance rating also generates a risk score (0–9) which is a factor derived from the likelihood and consequence of non-compliance. Nil risk is calculated as a 0 and a very high risk as a 9. The results are displayed in two separate charts, one for compliance per business unit and one for risk Level of Risk per business unit/domain.

Information and Telecommunication Security Wayne Jansen (April 2009) provides an excellent summary of two key aspects of ITC: “Security of an IT system comprises High 8 two interdependent aspects: correctness and 7 effectiveness. Correctness denotes assurance 6 Level of Risk that the security-enforcing mechanisms have High 5 8 4 been rightly implemented (that is, they do 7 3 6 exactly what they are intended to do, such as 2 5 1 performing some calculation). Effectiveness 4 0 Not at all max... Sydney Melb... Perth denotes assurance that the security-enforcing 3 2 mechanisms of the system meet the stated 1 security objectives (that is, they do not do 0 Not at all max... Sydney Melb... Perth Level anything other than what is intended for of Risk High them to do, while satisfying expectations for 8 Personal 7 QuarterlyPhysical Review Report Sept. 2015 resiliency). Most programmers have produced 6 10 a program that satisfies correctness criteria, ITC 5 9 4 but fails to meet effectiveness criteria, 8 Quarterly Review Report Sept. 2015 3 particularly under extraordinary 2unanticipated 7 10 1 conditions.” 6 9 0 5 Jansen suggests that of 8Perth Not at allevaluation max... Sydney Melb... 4 7 correctness gauges the capability of the 3 6 security-enforcing mechanisms to carry out 2 5 their tasks precisely to the specifications. 1 4 0 This means that the architecture, hardware, 3 FULLY Dec. Mar. June Sept. MET firmware and software have theQuarterly resilience, 2 2015 Review Report Sept. 1 robustness and security to 10achieve the Defence Security DISP 0 9 security outcome. It can be measured by FULLY Dec. Mar. June Sept. Physical Security MET 8 Personal Security substantiating how well the system exhibits the 7 Trade Control behaviour expected of it and any6 failures that ITC Security occur against this standard. 5 4 3 An Audit Model 2 It is quite possible to develop a regular audit 1 system depending on the organisation’s 0 FULLY Dec. Mar. reporting needs. Thales uses a MET Quarterly Strategic Issues and Incidents Report that consists of a compliance questionnaire covering the physical security, personnel security, information security, defence industry security programme (DISP), trade control (including International Traffic in Arms Regulations), disaster management and deed compliance of a business unit/domain. A rating of 1 to 9 is assigned to each compliance question to obtain an average compliance score for the business unit/domain. Full compliance is given a 9 score and a 1 score indicates a critical level of non-compliance, very significant current risk to Thales operations.

102 SECURITY SOLUTIONS

Furthermore, he states that a system scientifically founded on security metrics methodology would let design engineers answer these questions: • Is design A or B more secure? • Have I made the appropriate design–time trade-offs among timeliness, security and cost? • How will the system, as implemented, Personal Physical respond to a specific attack scenario? ITC • What is the most critical part of the system Personal to test, from a security viewpoint? Physical Sanders finishes by encouraging ITC organisations to design and integrate the metrics such that they can be used to gain insights throughout the system life cycle, including design, implementation, configuration, operation and upgrade or modification. This must also be contingent on maintaining an interactive view of system performance in the light of a rapidly changing Defence Security DISP Physical Security security environment. Personal SecurityIn closing, this two-part article has merely Defence Security DISP Trade Control brushed the surface of how organisations may Physical Security ITC Security address the measurement of security failure PersonalManagement Security Disaster or success. There is probably more than one Trade Control Doctorate thesis for anyone willing to give it a ITC Security go. Contact the author via Security Solutions Disaster Management Magazine and he will provide the material to give interested parties a head start.

Disaster Management

This process can generate numeric scores suitable for tabular or graphic representation. June Sept. Examples include bar charts by entity, comparative charts, and compliance and risk matrices. William H. Sanders (2014) suggests that the tools to do this have a number of challenges when dealing with large-scale systems. He argues that such a capability would let organisations answer these questions: • How much risk am I carrying? • Am I better off now than I was this time last year? • Am I spending the right amount of money on the right things? • How do I compare to my peers? • What are my risk transfer options?

For a full list of references, email admin@interactivemediasolutions.com.au Jason Brown is the National Security Director for Thales in Australia and New Zealand. He is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. He is also responsible for ensuring compliance with international and commonwealth requirements for national security and relevant federal and state laws. He has served on a number of senior boards and committees, including Chair of the Security Professionals Australasia; Deputy Registrar Security Professionals Registry – Australasia (SPR-A); Chair of the Steering Committee for the International Day of Recognition of Security Officers; member of ASIS International Standards and Guidelines Commission; Chair of Australian Standards Committee for Security and resilience.

SECURITY SOLUTIONS 103

SECURITY STUFF C O N T E N T S

SPOTLIGHT

PROFILE

PRODUCT SHOWCASES miPASS

114

EasyGate HG

114

Parking Solutions

115

Architect速 Blue

115

MHTM Boom Gate

116

Seadan

106

LSC 110

SYLO

108

ASTUTE SMART LOCKS

112

SHOP TALK

LUMINOX 116

105 SECURITY SOLUTIONS

Vale Mike Rothery

118

SECURITY SOLUTIONS 106

IGH T SPO TL

The Tough Yet Stylish Elvox Pixel: Video Door Entry System European stylishness and innovation is being installed at door entrances across Australia using classy, Italian made Elvox Pixel video door entry panels. The new Elvox Pixel is the epitome of contemporary, yet elegant design and functionality. Pixel is the latest series of new modular video door entry panels from Elvox. European Style Designed and manufactured in Italy, Elvox’s Pixel range embodies the exquisite taste and style one has come to expect from Europe design. Pixel is sleek and ultra-thin with minimal lines and rounded corners, able to blend seamlessly into any background. Suitable for any architectural context, there are two Pixel versions, Pixel and Pixel Heavy. Available in four finishes, grey, slate grey, anodised grey and white - plus sanded grey for Pixel Heavy. Tough & Sturdy Pixel and Pixel Heavy are timeless aluminium entrance panels that are not only aesthetically pleasing in four colour finishes, but also tough and sturdy. Featuring a die-cast aluminium frame and a front made from zamak, the Pixel range is strong enough to withstand knocks and atmospheric agents. Given a protection rating of IP54, IK08 and IK10 for Pixel Heavy, the Pixel series is weather resistant against water and dust as well as vandal and impact resistant.

106 SECURITY SOLUTIONS

Innovative & Intuitive Focused on innovation and technological leadership, Elvox ensured that the Pixel would have the highest quality and design. Pixel comes in a range of modules characterised by advance features such as: • Self-adjusting LED back lighting to ensure strong visibility at all times • Wide angel camera with high definition recording, zooming and scrolling • Colour LCD 3.5” screen • Crisp, clear and detailed graphics for ease of use • Automatic audio adjustment and control, sound comes through clearly • Functionality for the hearing-impaired with hearing aid Tcoil • Functionality for the blind with speech synthesis • Intuitive scrolling navigation menu. Versatility & Modularity One of the most notable benefits of the Elvox Pixel series is its ability to provide versatility and modularity thanks to the use of Due Fili Plus technology. Ideally suited for apartment blocks, the Pixel has two options to choose from. The first option is the Modular entrance panels. It allows the creation of infinite module compositions, thanks to its in-built flexibility.

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

SEADAN

Organise different combinations to suit your apartment needs. Starting from one, two or three vertical modules, you can create up to three rows horizontally, in a composition of nine modules. Pixel guarantees the versatility of the system with its expansion modules available in several versions: alphanumeric keypad, several types of axial or toggle buttons and biometric sensor transponders. The video module, comprising of four buttons in a double file, can be expanded up to a maximum of 84 buttons. The buttons can be used as name cards with either an alphanumeric or LCD display. The second option is the digital entrance panel, able to manage up to a maximum of 6,400 units. Ideal for large apartment blocks, with stylish design, crisp graphics and advanced functionality. The uniqueness of Due Fili Plus (the system behind the entrance panels) is that it carries not only data, voice, and video, but also power over a pair of cables - making it unique in the intercom world. The practicality of Due Fili Plus resolves all major cabling issues as it eliminates the normal mass of cabling and confusion when it comes to installation of large intercom systems. Easy Installation Pixel was designed not only with the customer in mind, but also the professionals who install them. Manufactured to ensure quick and smooth

installation, special stainless steel screws locked into the front panels offer easy access to the electronic units and name cards. Furthermore, hinges support the modules even when they are open enabling installers to work freely. Any maintenance work required can be done without having to remove the entire panel. In addition, a Mini-USB plug in the front is used to connect a PC for configuration via the Save-Prog software. Eliminating any need for masonry work, Pixel can be either surface or flush mounted. All modules are supplied with frames to protect the entrance panel from further water infiltration as well as an antimortar cover to protect them during installation. Protruding just 14 mm from the wall and 100 mm wide, Pixel is the ideal solution for elegant installations even in confined spaces. That is Elvoxâ&#x20AC;&#x2122;s Video Door Entry System â&#x20AC;&#x201C; Pixel. Beauty and strength.

Seadan Security & Electronics a leading wholesale supplier of security system solutions, is pleased to be appointed the exclusive supplier of Elvox Intercoms from Italy. For more information, please contact John Varthalis, National Sales & Marketing Manager - Intercom Division at Seadan Security & Electronics on 1300 366 851 or email: john.varthalis@seadan.com.au www.seadan.com.au

SECURITY SOLUTIONS 107

IGH T SPO TL

The Video Surveillance System That Changed Everything Is Now Even Better.

Meet Axxon Next Version 4.0, a next-generation open-platform video management software (VMS). Thanks to exciting innovations from AxxonSoft, the Axxon Next platform has reached a whole new level of performance, reliability, efficiency, functionality and accessibility. Video surveillance systems based on Axxon NextV4.0 can scale infinitely: there are no restrictions on the number of video servers, workstations or video cameras. Best of all, Axxon Next also plays well with other devices and systems. Axxon NextV4.0 supports over 6000 models of IP devices. This includes more than 1500 models of IP cameras, which can integrated using proprietary protocols, in addition to 4500 ONVIF compliant devices. Users can even enjoy remote access from mobile devices and a web interface. Security needs of all sizes - from those of large-scale distributed facilities to the smallest sites - can be efficiently met with Axxon Next video management software. Every license includes full, unrestricted VMS functionality, even on small systems with just one camera. In fact, users on tight budgets will appreciate the free version of the program, which supports up to 16 camera channels with 1TB of storage. With the release of the latest version of Axxon Next, AxxonSoft has done more than just tweak

108 SECURITY SOLUTIONS

existing technologies, they have created and included entirely new technologies as part of the upgrade. The result of their work, Axxon Next 4.0, is a truly integrated enterprise-class security system for protection of large, geographically distributed sites. New features include; Facial Recognition: Axxon Next features a face capture and search algorithm, that automatically detects a face in the field of view or in a provided video footage, and then searches for that same face in other video provided by networked cameras. To search for a face, the user either imports a photograph or selects a face in the video footage. Axxon Next then displays video episodes containing the person in question. Imagine being able to input the face of a known offender to find out if that person is on-site at a major even or inside a secure facility. Automatic License Plate Recognition: Axxon Next now incorporates an algorithm for number / license plate recognition. These license plate numbers are saved to a database and associated with the relevant recorded video from several cameras. The algorithm involves advanced heuristic methods (such as substitution of similar looking letters/numbers) to identify as many potential matches as possible.

Tag and Track Pro: The Tag & Track Pro feature allows users to simultaneously get the “big picture” of everything happening at a protected site while obtaining detailed imagery of objects and people moving around the site by locking onto them and continuing to track them across multiple cameras. Both sets of images can be recorded for later use, which is important for event investigation. Axxon Next is proudly distributed in Australia by Sylo Security Architects, an Australian organisation working in the global market to provide best-of-breed innovation, custom solutions, tier 1 products and value-add services for the Security Industry. Unlike many other distributors, Sylo offer’s security-by-design, providing bespoke solutions that balance market-leading innovation with an old-fashioned customer service, which is why Sylo chose Axxon Next as one of its preferred solutions. “We believe that the incredible flexibility, ease of use and wide interoperability of Axxon Next, as well as its myriad legacy features and function such as the integration with 3D maps, the ability to search meta data to conduct forensic searches of video footage and so on is an idea fit for our approach to creating best-of-breed, highly customizable solutions,” explains Mark Hartmann, CEO of Sylo. Axxon Next V4.0 will be officially available in the coming weeks. However, a Pre-release version is available on request by contacting Sylo. For more information, please contact Peter Jeffree on 07 3841 8882, or visit sylo.com.au

SYLO

MomentQuest2 Forensic Search Search criteria: • zone entry, motion in area of interest, movement between areas, colour, size etc • Criteria set at the time of search. no preconfiguration of detectors is necessary • Metadata generated during video recording guarantees fast searches

Video Analytics • • •

10 video detection tools included in all licenses, free of charge Convenient, interactive configuration of video detection tools Flexible, convenient configuration of system responses to triggers

Time Compressor

97 s

12 s

• Simultaneously view all objects that moved in the frame during the selected period • Speed up search (by dozens of times) for an object of interest • Click to view a video fragment in normal mode

SECURITY SOLUTIONS 109

PRO FILE

ADVERTORIAL

1926 2016 LSC90 YEARS OF SECURITY Knowing that the things we value most are safe and secure is important to all of us. With a growing population and increasing urbanisation, the need for security has become more and more vital to businesses and individuals. LSC, the Locksmiths Supply Company, has been at the heart of Australia’s security industry since 1926, when Aubrey F. Johnson founded his ironmongery in North Melbourne. Aubrey soon identified strong demand for specialist locksmith products. He was the first to source and import state of the art key-cutting tools and blanks from the US. In 1932, he was also the first to bring the code-cutting machine to Australia. In 1949, Aubrey’s son Stuart joined the company and the business was registered under the name “Locksmiths Supply Company”. Stuart travelled Australia extensively, demonstrating and selling the

110 SECURITY SOLUTIONS

latest security products from the boot of his car. By now, the company has evolved to become a wholesaler and distributer of locksmithing supplies and the latest security technology. In an industry first, Aubrey and Stuart seized on airfreight as the key to cost-effective national delivery. The campaign “We Fly Them Anywhere” was born, delivering orders to locksmiths Australiawide in as little as 24 hours. A founding member of the Master Locksmiths Association of Australia, Stuart’s commitment to the industry has since been an integral part of our business. In the 1980’s, the pace of change has accelerated as the third generation of Johnson family, Mark Johnson, joins LSC. National expansion starts with subsidiaries in Sydney, Brisbane, Adelaide and Perth.

To meet the ever-increasing demand, LSC launch a world-class distribution and customer support centre in Brooklyn, Victoria, in 2011. Technical innovation, sophisticated electronics and wireless applications increase the need for technical support and training. In 2012, LSC started ‘Tech Ed’, a world class training centre offering security courses delivered by industry leading experts. Tech Ed helps locksmiths to up-skill and stay on top of the industry’s latest developments. LSC has grown to become the most complete provider of locksmithing products and security hardware in Australia. Today and 90 years later, LCS’s pioneering spirit is as strong as ever. For more information or to see their extensive product range visit www.lsc.com.au

GPS UG60 DURESS

STANDALONE | INTRANET | ONLINE SOFTWARE CHOICES

Real-Time Long range detection, man down, Duress and GPS UniGuard is renowned for simply getting to the point in reporting to you in real time. You can be alerted to situations such as lateness to sites, missed areas or any incidents encountered by staff promptly as they happen. UniGuard’s highly detailed solution is fronted by cleverly designed easy to use desktop that allows uncomplicated functionality to even the most comprehensive and thorough reporting and is based on twenty years of feedback by UniGuard users. • Real Time Solution with Active Alerts • Automatic Reporting – Save on Man Hours • Turnkey Solution – We Handle EVERYTHING for You • Locally Supported

OR A CALL F FO FREE IN PA C K

UniGuard management & security

www.UniGuard.com.au 1300SOLUTIONS 1333 66111 SECURITY

PRO FILE

ADVERTORIAL

Astute Smart Locks launches Noke

– the world’s smartest bluetooth padlock

Fleet Management: With Noke, it’s easy to take the benefits of a smart lock—ease, convenience, control, security, durability—and scaling that to work for an entire enterprise. It will help professionals better manage their fleet by allowing them to be the administrator over an unlimited amount of locks. They can issue locks to individual employees, while still having the power to revoke access as well as monitor where and when the locks are used. No more giving up control and no more changing locks and combinations again.

Astute Smart Locks, a thought leader and pioneer of smart lock & smart access technology, is excited to announce the launch of Noke into the Australian market. Noke is a bluetooth enabled smart padlock that you unlock with your smartphone - eliminating the hassle of keys and combinations forever! All Noke locks are compatible with iOS, Android and Windows smartphones, and work in conjunction with the Noke app for smart, convenient security. Features: Designed to be the simplest electronic device you own, Noke automatically finds and connects to your Bluetooth 4.0 enabled smartphone. Instead of fumbling for keys, simply walk up to your Noke, press the shackle, and instantly access your possessions. Noke’s app even lets you share guest access with friends and family, so they can unlock your Noke with their own smartphone. You can allow a guest unlimited access, one-time access, or create a custom schedule of specific times and days of the week. For added control and peace of mind, Noke lets

112 SECURITY SOLUTIONS

you monitor its history so you know where, when, and by whom your lock was accessed. In case your smartphone battery dies, Noke has a back-up plan called ‘Quick-Click,’ so you’re never left stranded. Noke’s Quick-Click technology allows you to create a custom access code of short and long clicks on the shackle so you have the option to open it manually if necessary. Security: Noke uses the latest in anti-shim technology so security is not compromised. It also uses the latest in PKI technology and cryptographic key exchange protocol to stand up to hackers. Product Quality: Made of boron-hardened steel, Noke is not only attractive, but also incredibly strong. It’s designed to stand up to the toughest environments and weather conditions so Noke can go where you go. Battery: Noke locks are packed with a long lasting battery, giving you over a year’s worth of use before needing to be replaced or recharged.

Customers: Noke locks are wildly popular among all ages and demographics. Kids tend to use Noke on bikes and school lockers, while adults use Noke for locking up their back gate, gym locker, storage units, shed, cabin, trailer and more. Noke also accommodates business professionals by adding control to everyday security needs ranging from enterprise shipping containers to individual employee lockers. The use cases are endless and the benefits unparalleled. Noke Padlock Specs: Material: Zinc alloy body with boron-hardened steel shackle Colors: Silver, Black Water Resistant Strength Rating: IP66 Operating Temperature Range: -23degC to 65degC Security: PKI technology and cryptographic key exchange protocol Bluetooth: 4.0 Battery: 2032 coin cell battery For more information, please visit: www.astutesmartlocks.com or email: info@astutesmartlocks.com

SECURITY INDUSTRY

INSURANCE Types of covers provided; • • • • • • •

Public/Products Liability Professional Indemnity Errors Omissions Cash in Safe/Transit Good in Care Custody and Control Loss of Keys Statutory Liability

• • • • •

Workers Compensation Criminal Defence Costs Management Liability Business Packs Motor Vehicle

Business Activities provided for: Static Guarding

Debt Collecting

Mobile Patrols

Drug & Alcohol Testing

ATM Response

Crowd Control

Sales & Importing

Alarm Response

Alarm Installation/ Maintenance

Professional Money Carriers

Body Guarding Investigations

Consultants

Manufacturing

Security Training

Use of Firearms/Dogs

And more... *We only use Authorised Australian Insurers

call now

for an obligation free quote

1300 880 320 Email: admin@guardsafe.com.au

SECURITY SOLUTIONS 113

PRO DU CT

S E S A C W O H S miPASS BQT Solutionsâ&#x20AC;&#x2122; miPASS range of secure smart card and reader systems offers both a better alternative solution and a higher security solution that can help your bottom line. BQT has designed and developed its miPASS smart card and reader systems using leading Mifare technologies and industry-recognised encryption standards. The choice of the two leading technologies means that miPASS users can gain assurance that their assets, people, Internet Protocol and data are receiving the best means in keeping safe and secure. miPASS2 is based on secure Mifare Classic technology using Crypto1 encryption with diversified keys and offers medium security for access control applications where risk versus economics is relevant. The miPASS3 system is based on secure Mifare DESFire EV1 technology using 3DES encryption with diversified keys and offers high security for all access control applications. Put your trust in BQT Solutions, like so many others do, to tailor your perfect, secure high-security smart reader or biometrics solution. For more information, contact BQT or one of their Australia/New Zealand distributors today. Visit www.bqtsolutions.com or call 02 8817 2800.

CENTURION EASYGATE HG The Centurion EasyGate HG is the very latest in high tech entrance control systems. The EasyGate uses glass barriers in conjunction with optical detection technology and a new, patented magnetic drive motor which moves the barriers much faster and more precisely than any other product on the market, to provide a high throughput / high security gate. The bi-directional glass barrier is designed to work in a normally closed mode and open after a valid card has been presented to allow the authorised user to pass. The glass barrier then closes behind the authorised person to deter tailgaters. The glass security barrier moves away from the authorised pedestrian. In the event of other authorised users trying to use the lane, the barrier will stay open, even if they are walking in the opposite direction. The familiarity of the â&#x20AC;&#x2DC;door-likeâ&#x20AC;&#x2122; action of the barrier gives users confidence in operating the system, ensuring quick acceptance. With pedestal widths of 210 mm, barrier heights of up to 1800 mm and an open sided design matched with customisable vanity tops, Centurion EasyGate HG provides the ultimate combination of high security, fast throughput and high aesthetics. EasyGate HG automatically sounds a local alarm if someone enters without authorisation. Additionally, a relay can activate stricter security actions such as triggering CCTV, locking doors, or controlling elevators. When integrated with the fire alarm system, and upon a fire alarm, the barriers automatically open to allow for free emergency egress. The barriers can also open in the same manner in the event of a power outage. The EasyGate HG can be supplied with a desk mounted console or PC software to provide the reception team with easy control of the turnstiles functionality to facilitate visitor entry, simplify alarm monitoring and change operational modes. In addition, the turnstiles can be configured to allow remote diagnostics, allowing engineers to dial in and undertake remote maintenance, servicing, configuration and trouble shooting, saving on expensive site visits. For more information visit www.hytera.com.au

114 SECURITY SOLUTIONS

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.

CT DU PRO

SHO WC ASE S DESIGNING PARKING SOLUTIONS Car parking often presents property owners and facility managers across Australia with a major challenge. This challenge is often compounded by the fact that each building or location has various users and different requirements that need to be catered for. Leda’s Victorian office recently designed and installed an interesting solution to overcome illegal and unauthorised parking at a busy multi-tenanted office building, which included a medical ‘super clinic’ on the ground floor. High cycle boom gates were installed for entry and exit, together with 2D barcode ticket dispensers. Patients and authorised visitors were then able to have their ticket validated by the clinic to exit the building. The system also allowed other tenants to use conventional access control methods. Leda Security Products specialises in perimeter security and vehicular access control, manufacturing a wide and diverse range of products. With branches across Australia (Sydney, Melbourne, Brisbane, Adelaide and Perth), Leda’s experienced design and engineering staff are available to assist you with your next parking project. Visit www.ledasecurity.com.au for more information. Contact Leda via email sales@ledasecurity.com.au or phone 1300 780 450.

ARCHITECT® BLUE Data and information have become priorities in our smart, mobile and connected society. Beyond the economic realities, human authentication through the securing of people’s identity and access is essential. STid presents Architect® Blue, its latest secure mobile access control solution, using RFID, NFC and Bluetooth® Smart (Low Energy) technologies. The Architect® Blue readers ensure four identification modes for intuitive, smooth and unhindered management of your access points: • Badge mode is enabled by placing your smartphone in front of the reader (as a card). • Tap Tap mode can be enabled by tapping your phone twice in your pocket for Prox or remote opening. • Slide & Pass mode is enabled by placing your hand close to the reader. • Remote mode is enabled by controlling your access points remotely. These four modes are made possible thanks to STid’s exclusive, patented technology that can differentiate between access points depending on their distance, making it possible to install multiple Architect® Blue readers in the same area. Managing digital keys on a smartphone requires expert control of the security chain (phone, reader and system). To facilitate this, STid offers secure EAL5+ storage of keys while protecting and encrypting all communications between the mobile phone and the access terminal. Only the Architect® Blue readers can authenticate the smartphone. For more information visit www.stid.com or call +61 2 9779 1656

SECURITY SOLUTIONS 115

PRO DU CT

S E S A C W O H S MAGNETIC AUTOMATION’S MHTM BOOM GATE There is a Magnetic MHTM boom gate to suit any application. The range includes high-speed tollway boom gates, car park boom gates and site access boom gates, with boom lengths up to 10 metres and down to 0.9 seconds opening time. The innovative drive technology of the MHTM offers low maintenance, high performance, 75 percent less power consumption and a variety of operational modes and speeds. The MHTM can be controlled by card access systems, remote control, token or coin acceptors, or by simple push buttons. All boom gates include Magnetic’s unique VarioBoom arm, which is ergonomically designed for faster opening efficiency. Apart from typical car park boom gate installations, Magnetic Automation recently provided a pedestrian-safety solution in a warehouse by installing two MHTM boom gates in a unique loading dock area. The client required a safety solution that would prevent people from falling off the loading dock, as it had been identified as a potential safety risk. This client already had other Magnetic products installed on the premises, so they looked no further in getting Magnetic to install their new boom gates to improve the safety of the warehouse. Visit www.magneticautomation.com.au for more information. Contact Magnetic Automation via email info@magnetic-oz.com or phone 1300 364 864.

ATACAMA FIELD CHRONO Originating in the 1880s, the field watch gained popularity during the First World War due to soldier’s demands for reliable and portable timepieces. Trench fighting required quick, accurate timing so watches had to be small enough to be worn on the wrist. The battlefield environment also created a need for exceptionally water and shock resistant watches, and the Field watch quickly evolved a distinctive style – rugged and utilitarian with virtually no embellishment. The new ATACAMA FIELD CHRONO ALARM 1940 SERIES from Luminox are amongst their best selling time pieces, blending the functionality of a modern Swiss Made timepiece with an updated retro look. The ultimate incarnation of the Field watch, it is rugged and reliable, truly iconic in design and a terrific daily wear timepiece, suitable for the field, the office or the boardroom. The Atacamas feature a solid stainless steel case, screw-down crown for added water resistance, and tritium tubes for continuous illumination. Luminox have become famous the world over for their innovation as the original self-powered luminous watch brand. Their watches have become the timepiece of choice for U.S. Navy SEALs, F-117 Nighthawk stealth jet pilots, other elite forces and professional divers the world over. Luminox watches glow up to 25 years in any light condition ensuring that the time is always visible. Tough, powerful and accurate, Swiss Made Luminox is the ultimate gear for serious athletes, rugged outdoorsmen and other peak performers and anyone who spends as much time in the field as they do in the office. For more information visit www.luminox.com

116 SECURITY SOLUTIONS

CT DU PRO

SHO WC ASE S

Atacama Field Chronograph Alarm v: 45mm, black PVD stainless steel case with screw case back and screw down crown, antireflective sapphire crystal, water resistant to 100 meters, alarm feature, vintage brown leather strap with black PVD buckle, and Luminox self-powered illumination. Swiss Made. Preferred timepiece of automotive enthusiasts.

www.luminox. com VIC 8th Avenue Watch Co., Emporium Melbourne, 03 9639 6175 | Temelli Jewellery, Highpoint S/C, 03 9317 3230 | Temelli Jewellery, Southland S/C, 03 9583 2633 | Temelli Jewellery, Westfield Knox City S/C | Uccello Jewellery & Watches, Altona, 03 9398 8551 NSW Vintage Watch Co., Sydney, 02 9221 3373 | Hennings Jewellers, Narellan, 02 4647 8555 | Melewah Jewellery, Haymarket, 02 9211 5896 WA All About Time, Balcatta, 08 9349 0600 | Big Watch World, Hillarys, 08 6388 8029 | Leon Baker Jewellers, Geraldton, 08 9921 5451 | Jools of Claremont, Claremont, 08 9385 5476 | The Watch Spot, Perth, 08 9421 1093 QLD Hatton Garden Jewellers, Beenleigh, 07 3287 1230 | Richardsonâ&#x20AC;&#x2DC;s Jewellers, North Lakes, 07 3482 2555 | Vintage Watch Co, Brisbane, 07 3210 6722 NT Goldsmith Pty Ltd, Darwin, 08 8981 4448 NZ Blade Master, Auckland, 64 9 363 2088 | Time Centre, Christchurch, 64 334 30440 FIJI Tappoo Airport Departure Lounge, Nadi Airport | Tappoo Sheraton Store, Denarau Island | TappooCity, Suva

SECURITY SOLUTIONS 117

Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

SHO PTA

ognising Vale Mike Rothery stry Heroes

an d exce lle nc e No am ou nt of tra ini ng co Mike ha ve pr ep are d is with we note the recent passing of uld Rothery who, th e AuIt str aligreat an sadness Cuthat lbe rt fo r wh at sh e wa s pu after being treated for cancer for the last 14 months, passed away home t thatro ug h (A SM F) ea ch onfollowing th at fat al af on February 6, 2016, a rapid and deterioration in his teunexpected rn oo n. He r str en gt h of of m ed al: condition. ch ara cte r, co ur ag e, an d re so lve dis pla ye d on th at af te rn oo n us t su re ly pla his role as First Assistant Secretary, Federal m Attorney-General’s National ce he r M ed alInof ac tio ns we ll ab ov e Security Resilience Policy Division, Mike played an a vital roleyo in forging stronger d be nd wh at wo uld g ac ts of no rm all yand relations between government whilst also helping betheacprivate ce ptsecurity ed assector th e ca ll of du ty. to move the industry towards its ultimate goal of professionalisation through his

with groups such as Security Professionals Australia. M ed al work (A SM ), M ike Ro th er y, AS M re cip ie nt 2011 ec ur ity M ike Ro th er Describing himself — off the record — “policy Mike Rothery y, as Fira st Asentrepreneur”, sis tant Se cre tar y, g ex amwas pleans adroit public a foresight that can only come with experience; Feservant de ralwith At to rn ey -G en er al’s Na tio na l os itive a man very muchSe about policy and rarely about politics, in which he played a cu rit y Re sil ien ce Po lic y Di vis ion , wa s nc e at along game. re co gn ise d fo r his pu bli c se rv ice an d his exce The security industry recognised awarding him an Australian lle nc e his ascontribution a ro le mbyod el in se cu y Security Medal (ASM), one the first recipients in the first year of theritAustralian po licas y fo rm ula tio n. Roth er y, insums his up rothe Security Medals Foundation Inc., in 2011. The medal citation le in its im ple m entin g na tio na l professional side nicely: “Mike Rothery, First Assistant Secretary, Federal se cu rit y po lic y in or th e wo rk reNational sp ec t Security of cri tic Attorney-General’s Resilience Policy Division, is recognised for al inf ras tru ctu re , inc lud ing cit ati onhis s public of service ancu excellent in security policy formulation. cyand beas rse rit y, role ha smodel be en ins tru m ental Rothery, in implementing the Federal national security policy in respect of iss ue s. in his role in pr om ot ing co op er ati on betw of critical infrastructure, including cyber security, has been instrumental ee n in go ve rn m en t an promoting co-operation between government andteprivate enterprise d pr iva en te rp ris e ininensuring nt 2011the security of the ennation.” su rin g th e se cu rit y of th e na tio n. antas

by his partner Paula, and his two (young adult) children, en a HeRothery ll’s is survived Su bm it yo ur no m ina tio ns fo r ne Caitlin and Siobhan – Rod Cowan xt er, Anth ony ye ar ’s Au str ali an Se cu rit y M ed als at : th . ww w. au str ali an se cu rit ym ed al. co m .  th po lic e

ng th e n th e

id to th e rib ed as

s he ad , loo d, he d th e no se , m uc us

ulb er t

118 SECURITY SOLUTIONS

Australian Security Med al receipient Mike Rothery

CivSec 2016 CONGRESS AND EXPOSITION 31 MAY - 2 JUNE 2016 MELBOURNE AUSTRALIA

CIVIL SECURITY AND CIVIL DEFENCE FOR THE INDO-ASIA-PACIFIC A COMPREHENSIVE FORUM FOR LEADERS AND PROFESSIONALS Border Control l Transport, Resource and Infrastructure Security l Physical, Cyber and CBRNE Security l Policing and Emergency Services l Surveillance, Intelligence and Response l Community Safety and Public Protection l Disaster Relief and Humanitarian Assistance l Remediation, Reconstruction and Resilience l Safety, Search and Rescue l Capability and Research l Technology and Innovation

FREE ADMISSION - PRE-REGISTRATION REQUIRED

www.civsec.com.au

SECURITY SOLUTIONS 119

SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552

I wish to subscribe for:

oONLY $62 per annum!

Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to admin@interactivemediasolutions.com.au. Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.

Credit Card oBankcard

oVisa

oMastercard

oAmex

oDiners

Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.

Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...

Subscribe to Security Solutions Magazine for

ONLY $62 per annum!

Simply fill in the form or call 1300 300 552

120 SECURITY SOLUTIONS

Powerful insights into security and property related matters that occur in and around the work place. SIMTRACK™ is the solution of choice for organisations to manage and track security related incidents across all business sectors in a structured and unified environment. Built with complete mobile and tablet support, SIMTRACK™ allows incidents to be reported as they happen, where they happen. Intelligent insights to trends, incidents hotspots, serial offenders and more emerge through powerful inbuilt real-time reporting. Businesses can mitigate risks effectively with strategic implementation of preventative measures. l l

Hosted in Australia Incident Forensics

l l

Secured facilities Web based

l l

Full data encryption Securely Hosted

‘Locate incident hotspots track serial offenders and identify trends as they emerge with powerful in built real-time reporting.’

simtrack.com

6 - 7 APRIL 2016

VISIT US AT TOTAL FACILITIES 2016, STAND 61

“providing your business with solutions to do business”™

Founded 1999

3 Dimensional Consulting 211A Swan Street Richmond Melbourne Victoria Australia, 3121

Australia: International: E-mail: Web:

1300 881 711 +61 3 8844 7550 enquires@simtrack.com www.3dc.com.au

SPEED UP! with Aperio® V3

Experience the next generation of Wireless Access Control

WIRELESS LOCKS REACT IN A HEARTBEAT WITH THE NEW V3 PLATFORM! ASSA ABLOY’s Aperio® V3 platform is a new generation of battery-powered locks packing more powerful electronics enabling faster response times. Its remote unlocking commands pass from access control systems to doors and locks almost instantly, providing users with an effective remote opening function. With a comprehensive lock range covering almost every door style and opening there’s no reason to delay upgrading to faster wireless access control with Aperio® V3.

Cost-effective Increased battery performance

To find out more please phone 1300 LOCK UP or visit aperiotechnology.com.au

Multi credential Supports multiple high frequency RFID technologies and SEOs mobile access

Real-time Heartbeat communication: 5-10 seconds