Second to None
Print Issue: August 2015
With a theme of “evolve 2 advance,” the ASIS International 61st Annual Seminar and Exhibits promises to deliver security education on a level that is truly second to none. Collocated with the (ISC)2 Security Congress, the seminar will include 200 educational sessions in 22 tracks. The latest security products and innovative services will be on display from more than 600 exhibitors at the Anaheim Convention Center in Anaheim, California, from September 28 to October 1.
As always, the roster of seminar sessions is replete with topics that cover every aspect of security. As a preview of the knowledge on tap in Anaheim, Security Management spoke with the presenters of three of the scheduled sessions, which cover management, loss prevention, and threat assessments.
Who’s the Boss?
On Monday, September 28, from 11 a.m. to 12 p.m., a panel of experts will present “Security Responsibility or Confusion: Who Owns What?” One of these experts is Shayne Bates, CPP, principal consultant at Stratum Knowledge, LLC, who previewed what to expect during the presentation. He notes that the answer to the question posed by the session’s title is: Sooner rather than later, everyone will own a piece of everything.
Bates says the session will focus in part on the lack of communication between the CSO and CIO. Historically, the two positions have had different reporting chains and worldviews, with “the CSO possibly coming from a military or law enforcement background and the CIO maybe having a much more business-oriented view.”
If the CSO and CIO don’t communicate, “then I contend that it comes back to the leadership of the organization—whether the CSO and CIO are competitively pitched against each other…in the C-suite,” he says. If that is the case, “is there a mutual, neutral environment in which the two can come together to talk about bettering the business?”
One common area of concern is the added-value data that security systems can provide to other parts of the business. An example is an airport where CCTV systems are also used to monitor restroom servicing. The cameras, he says, “show how often the restrooms are being cleaned—do we see the cleaners with their carts going down the hall? Are the supervisors checking on their work?” Another example is CCTV in the retail setting where cameras with video analytics can count people who pause at a certain product. With this kind of valuable data, he says, “suddenly, you’ve got a high degree of cooperation between the business and security that involves both the CSO and CIO. They can come together to find ways to help the bottom line of the enterprise.”
“What ASIS has to offer in this emerging landscape are risk definitions and tools that contain business language” such as via the concept of enterprise security risk management (ESRM), Bates notes. “If you understand the risks, then you can manage risk and deal with it. And when you become conversant with enterprise risks, then certain risks can be seen as opportunities. If you are better at managing risk than your competitor, then that is an advantage.”
Down to the Core
Sponsored by the ASIS Retail Loss Prevention Council, “Core Elements of Retail Loss Prevention” will take place on Monday, September 28, from 1:45 to 3 p.m., and will be presented by Alan Greggo, CPP, regional asset protection officer for Microsoft, and Kathleen Smith, vice president of loss prevention for Safeway Companies.
The session will focus on four areas that are of serious concern to retailers. One of these areas is organized retail crime (ORC).
ORC is estimated to cost retailers about $30 billion per year, says Greggo. Organized retail crime is differentiated from shoplifting in that it is undertaken by groups of professional thieves who steal large quantities of merchandise that they later fence or resell themselves. It can also be dangerous, because “the groups are frequently willing to do whatever they can—including fighting and carrying weapons—to get away from law enforcement and security. Some retailers, such as Kroger, Safeway, Walgreens, Gap, and The Limited have created taskforces to focus on the problem,” he says.
The prevalence of ORC has also led to increased communication between law enforcement and retail security and risk management. “Many law enforcement agencies that I come in contact with in the field have retail liaison officers, and there are also local police substations in many malls. At Mall of America, for example, there is a Bloomington [Minnesota] police substation, and it lets law enforcement carry on a dialog with retail loss prevention and asset protection that didn’t exist a few years back,” Greggo states.
Additional encouraging news is that because so many stolen goods are fenced online, over the course of the last decade, auction site eBay has “created a great partnership with retailers,” Greggo notes. Originally, eBay and other online auction sites “didn’t want to work with the retailer and only wanted to work with police,” Greggo says, but now eBay has “taken great strides and there are avenues of communication that retailers can use to get information about sellers…. For example, there is a form that can be submitted, and eBay will return a report and close down auctions that infringe on retailers’ brands or name, or if the goods are proven to be stolen.”
About 70 percent of U.S. states have either introduced legislation that increases the penalty for shoplifting if the theft exceeds a certain value or have enacted laws that define retail crime.
Technological improvements are also assisting retailers. For example, one way that ORC gangs have heretofore successfully stolen items tagged with electronic article surveillance (EAS) tags was through the use of foil-lined bags, called “booster bags,” which defeated the EAS readers. ORC shoplifters also lined their clothing with foil to allow them to slip items under their coats or shirts, or hide them in pants pockets, and exit without sounding an alarm. Now systems exist that can detect booster bags and foil-lined clothing coming into the store, preventing that method of theft.
A Fresh Take
The ASIS Physical Security Council will sponsor “How to Gain Business Value from Risk, Threat, and Vulnerability Assessments,” on Monday, September 28, from 4:30 to 5:30 p.m. Jeffrey Slotnick, CPP, PSP, who is CSO and founder of OR3M, LLC, will explain to attendees how the risk, threat, and vulnerability assessment—a fundamental tool of the security practitioner that is traditionally presented as a report or executive summary from which it is difficult to extract critical information—can be optimized by using alternate processes and methodology. This change increases the information gained from assessments and uses them to bolster the business case for systems, process changes, and additional personnel in support of the enterprise.
Slotnick’s company developed a way to use IT technology currently on the market to place the data “in an environment where we can apply data analytics to all assessment across the enterprise,” he says. By doing so, the organization can make enterprisewide decisions on risk, threat, and other potential problems and issues, as well as on physical security network architecture.
From a risk threat and vulnerability assessment perspective, he says, “We’re capturing all this data: threats, physical security vulnerabilities, potential losses, and consequences, and we can take all that data and move it forward into a larger enterprise picture that’s on a dashboard. Then an individual can see exactly what their issues are in real time. Also once the data is captured, instead of going back in and redoing it every two years, what you’re doing is refreshing, rather than redoing. You’re addressing what’s changed, which means significant cost savings.”
These presenters and many more will reveal their wisdom in Anaheim. For more information on seminar sessions, as well as preseminar programs taking place on the weekend before the event, visit securityexpo.asisonline.org.
Ann Longmore-Etheridge is contributing editor to Security Management and editor-in-chief of ASIS Dynamics and the ASIS Seminar and Exhibits’ Show Daily.