ASIS News July 2017
SEMINAR EDUCATION MORE DYNAMIC, IMMERSIVE
The buzz about the 2017 ASIS Seminar and Exhibits is all about compelling keynoters, networking opportunities, revitalized social events, a new show floor footprint, strategic partnerships, and a dynamic schedule. But the heart of ASIS’s annual Seminar and Exhibits has always been its education.
This year, Seminar planners are focusing on showcasing essential content in the most useful formats. Now that the show floor will open on Tuesday, Monday is reserved for education only. Educational sessions will be more varied than ever before. Traditional presentations, such as 60-minute panel sessions, will still be available, but innovations will include more than two dozen 25-minute impact-learning sessions on the exhibit floor and immersive deep dives in the classrooms. Some classrooms will have innovative setups, such as fishbowls, to accommodate different teaching styles and formats. And some sessions will be live-streamed so that anyone unable to make it to Dallas will be able to participate online.
Forty-third U.S. President George W. Bush kicks off Monday morning with an exclusive, off-the-record keynote address, which will touch on his eight years in the White House, his experience with world leaders, the nature of public leadership and decision making, and his perspective on current domestic and international issues. This will be followed by a lively State of Security conversation led by ASIS CEO Peter J. O’Neil, CAE, and 2017 ASIS President Thomas J. Langer, CPP, who will share their perspectives on where the Society is heading in the months ahead.
Monday continues with a full slate of learning sessions starting at 10:45 a.m. Highlights include a panel on integrating millennials into the workforce, corporate security’s role in preventing domestic violence, and exploration of effective change management.
Monday’s 2 p.m. sessions include several deep dives. One interactive session led by Jeff Slotnick, CPP, PSP, will group attendees into corporate departments such as risk, security, and environmental health and safety, then ask them to collaboratively apply principles of Enterprise Security Risk Management to deal with an emergent situation. Another deep dive will analyze last year’s high-profile robbery of a reality TV star in Paris.
Monday afternoon also offers a session on Super Bowl LIVE! That event was a 10-day fan festival in Houston preceding Super Bowl LI. A multijurisdictional partnership of law enforcement agencies and corporate representatives created a smart city that left a legacy of crime reduction and sustainability. Monday’s final slot of the day includes such topics as facility design, violence mitigation, radicalization, and doing business in Latin America.
Many learning programs move to the exhibit floor on Tuesday through Thursday. Two theaters will host 25-minute impact-learning sessions over the three days. As with the classroom programs, several will be presented by seminar partners InfraGard and ISSA; those will focus on critical infrastructure protection and cybersecurity.
Tuesday’s lineup features additional deep dives: the ASIS Board of Directors convenes to discuss global threats affecting the security profession; a mock trial litigates the aftermath of a terrorist bombing; and Tuesday morning keynoter Scott Klososky will examine the integration of technology in our lives—from wearables and implantables to the rapid growth of artificial intelligence and augmented reality. Later in the day, he will delve deeper into his concept of HUMALOGY (humanity and technology). Other topical sessions cover grid security, workplace bullying, metrics dashboards, and security risks in the European migrant crisis.
On Wednesday, retired FBI Special Agent Richard DesLauriers and former Boston Police Department Commissioner Ed Davis will give a presentation showing how teamwork and information sharing led to the capture of the Tsarnaev brothers following the Boston Marathon terrorist attack. After the keynote a full day of classroom and show floor presentations ensue. Look for sessions on the Dallas police shooting, defensive use of drones, penetration testing, a case study of archaeological site security in Spain, transitioning from the military to the civilian world, and social media risks.
Thursday begins with a powerful keynote presentation followed by a half day of education taking place on the exhibit floor. Session topics include school and campus security, travel risk management, data protection, and balancing security program elements.
In addition, there will be professional development opportunities in the Career Center, “fireside chats” in the ASIS Hub, and much, much more. Visit securityexpo.org to keep updated on news and program announcements.
CSOS ATTEND WASHINGTON SUMMIT
The 10th Annual CSO Summit was held in the Washington, D.C., area April 23–25, and organizers took full advantage of the proximity to power by scheduling briefings from top U.S. security officials, as well as an array of private sector security experts.
Leading the charge of officials was then FBI Deputy Director Andrew McCabe, who gave a wide-ranging, for-attendees-only briefing on the state of national security and the leading threats to the United States. In terms of counterterrorism, McCabe said that the “big three” adversaries to the United States are China, Iran, and Russia, and China is particularly effective in stealing valuable U.S. data and intellectual property.
“The Chinese are eating our lunch,” said McCabe, who was an afternoon speaker at the summit. The timing of McCabe’s appearance was also fortuitous; just weeks later, McCabe became FBI acting director and was thrust into the spotlight at a high-profile U.S. Senate hearing.
The day after McCabe’s briefing, William Evanina, the director of the National Counterintelligence and Security Center (NCSC), offered a riveting briefing for attendees. The NCSC is part of the Office of the Director of National Intelligence and is staffed by senior counterintelligence specialists from across the intelligence and security communities.
Picking up where McCabe left off, Evanina said that U.S. businesses are suffering $500 billion in annual losses from Chinese espionage activities. Recently, Chinese hackers have been particularly effective in targeting law firms that represent U.S. firms, in order to steal patent data and other intellectual property capital.
The summit began Sunday afternoon with executive coaching sessions, followed by a preconference session on terrorism drivers, and a two-hour opening reception. On Monday morning, the conference began with a bang—an opening keynote address by John Walsh, criminal investigator, victim rights advocate, and host and creator of America’s Most Wanted.
In a fiery speech, Walsh spoke of the continuing horrific problem of sex trafficking of children, with kidnappers trolling public events for young victims. Repeat offenders often stay one step ahead of law enforcement, Walsh said: “They keep moving, moving, moving, and we don’t catch them.” After the speech, attendees had the opportunity to photograph themselves with Walsh. The line was long.
Two days of education sessions covered critical leadership issues such as breaking down cyber and physical security silos, using metrics to assess security ROI, and building an in-house intelligence program. Breakout sessions included workshops on cultivating emotional intelligence for effective leadership, and building trust with the C-suite. The conference also featured a private tour of the U.S. Capitol for attendees, and a closing reception at the Ritz Carlton, Pentagon City, which was the main venue for the event.
By Mark Tarallo, senior editor at Security Management.
NEW STANDARD PROVIDES SYSTEMATIC APPROACH TO MANAGE RISK
In June, ASIS released a new ANSI Standard, Security and Resilience in Organizations and Their Supply Chains (ORM.1). This standard, developed by a technical committee comprised of 78 participants from 20 countries, provides a systematic, jurisdictional/country neutral approach to identify, assess, and manage risks related to an organization’s operations and supply chains. ASIS International is an ANSI-accredited Standards Developing Organization.
The Standard reflects the understanding that organizations do not operate in isolation but rather as part of a complex and interconnected ecosystem. Therefore, it is not sufficient for organizations to manage just internal risks. The Standard helps eliminate “siloing” of risk by providing a framework for organizations to develop and implement policies, objectives, and programs that consider:
• Context of the organization and its supply chains;
• Legal, regulatory, and contractual obligations and voluntary commitments;
• Needs of internal and external stakeholders;
• Uncertainties in achieving its objectives; and
• Protection of human, tangible, and intangible assets.
ASIS Standards and Guidelines Commission Liaison Lisa DuBrock highlights the importance of this approach, noting, “…in today’s increasingly complex and unstable global environments, the question is not if the security administrator is called upon to support the full spectrum of the standard, but when.”
This standard replaces the ASIS/ANSI Organizational Resilience: Security, Preparedness and Continuity Management Systems (SPC.1) and ASIS/BSI/ANSI Business Continuity Management Standard (BCM.1). DuBrock says that while the “SPC.1 emphasized mitigation strategies for security and resilience and the BCM.1 standard emphasized traditional response and recovery strategies, the ORM.1 provides a risk-based approach to bring both disciplines together with an added emphasis on supply chain resilience.”
ASIS members get one free download of ASIS Standards and Guidelines. Learn more at asisonline.org/standards.
MEET THE FRONT LINES
ASIS International’s member services team is the first point of contact for ASIS members and the security community worldwide. The dedicated team is always prepared to provide information, services, and other support to ensure first-rate customer service.
We asked the member services team what they like most about ASIS and our members:
Supervisor, Member Services:
“The security profession and the members we serve make the world a safer place for everyone. It makes the work we do, supporting these wonderful professionals, deeply rewarding.”
Member Services Representative:
“My favorite thing about ASIS is attending Seminar and putting a face to the name of someone I’ve frequently corresponded or talked with.”
Member Services Representative:
“I love the camaraderie at ASIS—my colleagues are friendly, welcoming, and collaborative. The member services team feels like a family.”
Member Services Representative
“I am proud of the opportunities and sense of community we provide for our members in such an important profession.”
Contact the member service team at +1.703.519.6200 or [email protected] Hours of operation are Monday–Friday, 9 a.m. to 5 p.m. Eastern Time.
MEMBER GET A MEMBER
It’s the last push before the final whistle blows on the first ASIS International Cup, the Society’s refreshed Member-Get-A-Member campaign, which provides friendly competition between members to see who can recruit the most members into the Society from May 1 to July 31. So far, dozens of members have taken to the field to compete for a variety of fun prizes and the ultimate bragging rights. It’s now the closing minutes of the game.
During this final month of the ASIS International Cup, new members can take advantage of half-year membership. This allows them to join ASIS at half the price of a standard full-year membership. Make sure you pass this along to colleagues who have not
yet joined—and let them know all the reasons you value your ASIS International membership.
Check out the current standings at asisonline.org/membership.
ASIS SPOTLIGHT ON SAFETY
Each month on the ASIS website, Security Spotlight provides a suite of free resources that focus on a specific security challenge or industry trend. These resources are curated from the extensive references housed in the ASIS library, including council white papers, seminar education sessions, webinar recordings, book chapters, Security Management articles, and various other sources.
A full list of all topics can be found in the online Member Center (asisonline.org/securityspotlight).
In May the subject was Internet of Things (IoT) security and it included the 2016 webinar, Is your Refrigerator Spying on You and the ASIS 2016 Seminar session Addressing Cyber Risks to “Internet of Things” and Building Controls, as well as the 2017 Security Management article “Outdated Protocols and Practices Put the IoT Revolution at Risk” and guidance provided by the IT Security Council after the September 2016 Mirai Botnet Attacks. The topic in June was cybersecurity.
This month Security Spotlight focuses on school security, and it features a special new white paper from the ASIS School Safety and Security Council, School Bus Safety. The white paper is part of a series prepared by council members, including security professionals from colleges and universities, K-12 schools, and consultants.
School Bus Safety addresses various approaches to school bus safety and security issues, focusing on a proactive approach to protect children and others. The council notes, “the frequency of bus accidents appears to be increasing in [the United States].” However, “being prepared is the key to survival and saving lives.”
The paper is divided into seven sections, each providing unique perspectives on the issue. To set the scene, the first section covers the prevalence and circumstances surrounding school bus accidents.
The content that follows is a combination of practical tips and checklists for bus operators, research and examples of school bus incidents in the news, best practices, case studies, information on site assessment, links to other helpful information and security technology analyses.
In sum, the council white paper recognizes an international concern and identifies ways to move forward with patience, diligence, and research to defuse safety hazards on public and private school buses.
By Peggy O’Connor, ASIS director of communications. Contact her at [email protected] Follow her on Twitter @pegoco.
ASIS has granted two members Life Membership:
• Gayla Wick, CPP
• Roy J. Murphy, CPP
Life membership may be conferred upon one who has been a member for at least 20 consecutive years and is permanently retired from full-time security employment. The person must also have made a notable contribution to ASIS. Congratulations!
MEMBER BOOK REVIEW
Practical Aviation Security: Predicting and Preventing Future Threats, Third Edition. By Jeffrey C. Price and Jeffrey S. Forrest. Butterworth-Heinemann; Elsevier.com; 598 pages; $99.95.
The third edition of Practical Aviation Security: Predicting and Preventing Future Threats is a well-researched reference for students learning aviation security and practitioners in the field. It provides the background necessary for those entering this complicated industry from any direction—a recent graduate, someone changing career paths, or a seasoned pro taking on additional responsibilities. It also assists in the preparation of instruction on unique airport security subjects for both entry-level and veteran airport workers.
Security within an aviation environment is complicated and highly regulated, with many areas of concern to ensure the safety of all involved. This publication explains the roles of government, airlines, and airports. Many aviation security laws, programs, and initiatives are reviewed, providing important fundamental knowledge for the reader.
The aviation industry is vital to the economies of our globe. It demands that security technologies and practices be current and collaboratively linked to ensure the safety of its users. This book highlights the industry’s history—recent and distant—identifying the discipline’s needs and the industry’s challenges through its review of security incidents. It uses case studies of aviation’s most deadly criminal and terrorist incidents, particularly those occurring during recent years. The risks and costs associated with insider threats, particularly radicalized citizen terrorists, are identified and portrayed as the most prevalent concern of aviation security professionals today.
Predicting and Preventing Future Threats may never be fully possible; however, studying the past and looking ahead at the challenges of the future will help current and future practitioners to prepare and confront those who wish to do harm. Because security is a responsibility shared by all, the industry’s leaders are advised to consult this book to assist in decisions that could impact the security of aviation.
Reviewer: Paul M. Mueller, CPP, is security manager for Manchester-Boston Regional Airport in Manchester, New Hampshire. He is an active member of the AAAE Transportation Security Services Committee and the ASIS Granite State Chapter.