July 2018 ASIS News
Print Issue: July 2018
GSX Promises Vegas Flair
World-class networking is a hallmark of the ASIS annual event. In Las Vegas this September, the Society is pulling out all the stops for Global Security Exchange (GSX), formerly the Annual Seminar and Exhibits. From bowling to luncheons to a reception at Drai's Nightclub, GSX offers countless opportunities to forge new connections and cement existing relationships at the industry's premier networking events.
Kick off the week on Sunday, September 23, by teaming up with friends and colleagues for the ASIS Foundation Golf Tournament at Bali Hai Golf Club, located next to the Las Vegas Strip. Registration includes breakfast, player gifts, and a buffet lunch, with event proceeds benefiting the ASIS Foundation.
On Sunday evening, the popular Brooklyn Bowl will be transformed into the GSX Opening Night Celebration. Don your bowling shoes and join thousands of peers for a fun-filled night of food, music, and catching up with friends.
The U.S. Outstanding Security Performance Awards (OSPAs) Luncheon on Monday provides an opportunity to celebrate excellence across the industry—from young professionals to managers to consultants, and more. The deadline to enter for U.S. OSPAs consideration is July 23. Apply at us.theospas.com/enter.
In addition to opportunities to connect with colleagues in the halls and while perusing the exhibits, the ASIS International Happy Hour on Tuesday on the show floor will celebrate the end of the first day of exhibits. Grab a drink and relive the highlights of the day.
Close the week in style at the annual President's Reception at Drai's Nightclub. At one of Las Vegas's most exclusive venues, guests will be treated to an evening of live entertainment, food and drinks, networking, and a view of the Strip from the 11th story capstone of the Cromwell hotel.
Register for an All-Access Pass before August 10 and save $100 on your ticket to these events and more. Visit GSX.org/register to sign up.
SECOND QUARTER GLOBAL EVENTS
Excitement is building towards GSX this September in Las Vegas, as evidenced by the energy at the following events that took place in the second quarter of 2018.
Transparency battles. Global rules in flux. Artificial intelligence.
Global chief security officers and deputies who attended the 11th Annual CSO Summit April 29 through May 1 at Target Plaza Commons in Minneapolis, Minnesota, grappled with how these and other change drivers will affect the security profession.
While key conversations and experiences—such as a private security tour of U.S. Bank Stadium—were prevalent, at center stage was a forward-looking agenda aiming to make sure security executives adapt and remain relevant to their organizations.
Futurist and cybersecurity professional Scott Klososky led off the conference by emphasizing that security leaders are responsible for looking into the future and—before anyone else—understanding how the world, their industry, and their businesses are changing, especially with an eye toward future risk.
For every cutting-edge technology solution or strategic advantage discussed throughout the event, there was equal and appropriate caution regarding unintended consequences.
For example, artificial intelligence will help security by enabling analysis of logarithmically more data, such as using HR records to identify insider threats, but it has to be implemented properly and with auditability because it can lead to algorithmic bias—that is, it could systematically discriminate against certain groups.
A common theme across the two days was to define security initiatives in terms of drivers and enablers of business and savings, rather than as sunk costs. Speakers shared examples of strategies they used to calculate the cost savings of implementing new security projects to justify those programs to the C-suite.
Another common theme was that the path forward for corporate security, and sustainable success in business, requires effective implementation of enterprise security risk management (ESRM), where the organization formally and holistically manages risk.
This can go hand-in-hand with a DevSecOps approach, where all employees are empowered to contribute to organizational safety and security, especially as it becomes more difficult to centralize response to the growing activities and vast data sources generated by modern business processes and systems.
CSOs and their deputies will have the opportunity to continue exploring the evolution of these change drivers and attend exclusive educational sessions in the CSO track at GSX in September.
Thousands of security and law enforcement professionals gathered at the Jacob K. Javits Center May 16 and 17 for the ASIS 28th New York City Security Conference and Expo to dive into networking, education, and exhibits at the Northeast's leading security event.
The event started with a Security Rocks welcome party at the Hard Rock Cafe on Tuesday evening. Live entertainment set the scene for fun and networking worthy of the Big Apple.
Conference education began Wednesday morning with a keynote from JPMorgan Chase Crisis Management Head Scott Morrison, who discussed emerging threats and trends.
The emerging trends theme continued throughout the day, via a panel discussing the legal and practical applications of drone technologies, a crash course on implementing ESRM to earn security a "seat at the table," and a talk from Facebook Chief Global Security Officer Nick Lovrien, who explored the challenges associated with securing Facebook's open office environment.
Thursday's education focused on active assailant attacks, with sessions devoted to emergency preparedness and vehicle-involved attacks. At Thursday's Person of the Year Luncheon, the ASIS New York City Chapter honored His Eminence Timothy Cardinal Dolan for his service to the people of New York.
On both days, a bustling expo floor provided attendees the opportunity to meet with some of the region's foremost solutions providers.
ASIS Toronto Best Practices
ASIS Toronto's largest educational event of the year, the 2018 Best Practices Seminar held on April 19, was its largest ever, with a full house of 200 attendees and speakers. It was the 25th annual seminar for the chapter.
For the first time, the event was held in the Grand Banking Hall of the Dominion Bank building at One King West in downtown Toronto. Attendees enjoyed a jam-packed day of presentations set against the historic ballroom's dramatic backdrop.
Themed #SecurityEmerging, the seminar featured topical sessions including hyperloop, ESRM, and cannabis. John Minster, physical security manager, TD Bank, discussed video analytics, demonstrating examples of how to apply basic analytics in a variety of real-world applications, with measurable results to the organization. The day concluded with a panel of experts who discussed the role of the security professional in dealing with workplace sexual assault.
The 26th Annual Best Practices Seminar will be held on April 11, 2019. Visit asistoronto.org for details.
ESRM: MID-YEAR UPDATE
By Tim McCreight, CPP, and Rachelle Loyear.
The ASIS ESRM Initiative is now at its halfway point for 2018. During the leadership sessions held in Washington, D.C., in January, ASIS made it clear that enterprise security risk management (ESRM) is a priority for the Society today, and into our future. As co-chairs of this important work, we are pleased to share a status report detailing the efforts to infuse ESRM into the Society's programs and services.
It is with great pride we can say that in the past six months, the ESRM Initiative has accomplished a number of significant achievements. Four value streams were established, each led by a subject matter expert and a representative from the ASIS Board of Directors.
They focus on Education, Standards and Guidelines, Marketing/Branding, and Maturity Model Tool. We are already seeing the fruits of these groups' labor with the following initiatives well underway:
• Education. An ESRM webinar, including definitions and key points, was developed to ensure that all the ESRM presenters at Global Security Exchange (GSX) are "singing from the same songbook." In addition, a draft glossary of terms has been created and an ESRM 101 training will be available by GSX.
• Standards and Guidelines. A draft ESRM guideline is on track to be completed by GSX. This document outlines an approach to security program management using risk principles to link an organization's security practice to its mission and goals. The working guideline also describes the concept of ESRM, including its four principal elements, as well as additional steps security professionals can take to strengthen an ESRM effort, bring it to maturity, and maintain it over time.
• Maturity Model Tool. Requirements for the tool have been established and a request for proposal for a supplier has been disseminated.
• Marketing and Branding. An ESRM slide deck was distributed to all chapter and council leaders, and several articles have been written detailing the need for security professionals to apply ESRM within their organizations.
There is a great deal of rigor and project management going on behind the scenes within the ESRM Initiative, and it shows. The value streams are all on track to deliver their key project updates by GSX, and there will be a number of educational sessions at GSX to showcase some of the deliverables, including a pre-conference program workshop.
Check the GSX program guide to see all the ESRM sessions for 2018, and feel free to contact us at firstname.lastname@example.org if you have questions or would like more information on any of the value streams.
Tim McCreight, CPP, is ESRM Initiative board sponsor, and Rachelle Loyear is ESRM Initiative program manager.
Wharton/ASIS Program for Security Executives: Making the Business Case for Security.
With so many new threats confronting today's organizations, corporations are challenged by competing security priorities, as well as how to invest their resources wisely.
How do they best protect their employees and their organizations' networks and data from harm? As a security professional, how do you communicate the security story so leaders fully understand the costs, benefits, and risks of not having a comprehensive strategy?
Designed for senior security leaders, the Wharton/ASIS Program for Security Executives will enhance participants' business acumen and effectiveness in key areas of strategy, negotiation, critical thinking, and managing change. Attendees will gain the leadership and management skills needed to help them work more effectively and communicate the bottom-line impact of security decisions to the C-suite—so security priorities can be moved forward.
Through interactive lectures, exercises, and case studies, both in the classroom and in smaller work groups, this custom-designed program will enable participants to create effective security strategies in a fast-changing, global environment. Attendees will come away with a strategic toolbox that will help put these business skills into immediate practice, as well as recognition of their own leadership and communication strengths.
ASIS members save $1,000 (and CSO Center members qualify for an additional discount) on the regular program fee—which includes all meals and accommodations. Visit asisonline.org/wharton to learn more and apply.
IT SECURITY COUNCIL SPOTLIGHT
"Cybersecurity is like painting a bridge," says ASIS Information Technology Security Council Vice Chair Robert Raffaele, CPP. "As soon as you decide on a practice and implement it, it's time to start over again. The technology advances so rapidly that documented best practices can quickly become obsolete."
The IT Security Council carries the unique burden of sharing its members' world-class information security expertise in forms that won't be outdated by the time they reach their audience.
Earlier this year, the council published Security on the Internet of Things: An Enterprise Security Risk Management Perspective, a white paper examining risks security professionals need to keep in mind as today's devices become more and more connected.
Given the nature of IT security, the council emphasizes person-to-person knowledge-sharing—timely advice delivered when it's needed most. This September, the council will sponsor 11 education sessions at GSX. These sessions will cover topics like cyber terrorism, mobile device security, cybersecurity for physical security professionals, emerging technologies, safe cities, and more.
The council also offers itself as a yearlong resource, connecting security professionals with the appropriate council members and trusted industry experts needed to tackle real-time IT security problems.
"In security, trust is such a big factor," says 2018 Council Chair Jeff Sieben, CPP. "It's so much easier to rely on a particular process when that process has been vetted by someone you trust. As a council, we're happy to be that bridge between members and the reliable, immediate information they need."
Sieben says the council's role is to be a consultative body of subject matter experts.
"This council's greatest asset is members who stay current and are available to talk about current topics," he says. "Our members are plugged into the greater IT security sphere, contributing to ISACA, ISSA, SIA, (ISC)2, and more."
To consult with the IT Security Council, email council leadership or message a council member on ASIS Connects. The full council roster can be found on the council's community page. Search "Information Technology Security Council."
ASIS LIFE MEMBERS
ASIS congratulates Eduardo Martinez Fulgencio, CPP; Leonard A. Rosen; and H. John Bates, CPP; who were granted lifetime ASIS membership.
Fulgencio served as an ASIS assistant regional vice president for many years. He also held the positions of chapter newsletter chair, chapter chair, treasurer, and chapter program chair for the Philippines Chapter of ASIS. He has been a member of ASIS for more than two decades.
Rosen and Bates were automatically honored with the lifetime award for their continuous membership of more than 50 years. ASIS is grateful for their loyalty for more than half a century.
MEMBER BOOK REVIEW
Private Security and the Law, Fifth Edition. By Charles P. Nemeth. CRC Press; crcpress.com; 739 pages; $89.95.
As the security profession makes strides in education and training, there is a concurrent need for books that light the path. Dr. Charles Nemeth has written such a book: Private Security and the Law. This fifth edition is a big one, both in size and what it has to say. The author has significant experience as both a security practitioner and a scholar. In this book, he nimbly toggles between the two worlds, presenting a viewpoint that is unbiased and comprehensive.
Nemeth acknowledges the tension between public policing and private security, while showing how the two can work symbiotically. The first chapter presents the historical underpinnings of the profession, giving a rich history of private security protection.
The next chapters focus on regulation and licensing; the law of arrest, search, and seizure; civil causes of action; criminal culpability and the private security industry; and evidentiary issues. These chapters help the reader understand how complex areas of the law relate to the security profession.
As both an attorney and a professor of security management, I would refer to this book because it presents statutory and common law elements and legal explanations in a straightforward manner, while also presenting case law and helpful study questions. I appreciate the standout inserts that allow readers to update their knowledge, as well as the citations of websites, handy tables, charts, and sample forms sprinkled throughout the book.
Bringing it all together are Chapter 7, a model for cooperation between public and private law enforcement, and Chapter 8, a compilation of seminal case law. Nemeth has this to say about the roles of public policing and private security: "Factionalism is surely not a fixed state for either side of the policing model. What appears more likely on the horizon is the recognition that these are two armies operating under one flag."
I highly recommend this book for the classroom, the security practitioner seeking to know more about the law, and the lawyer representing a security provider as a client. This fifth edition is a monumental work, deserving of space in the libraries of students, lawyers, and security professionals.
Reviewer: Lydia R. Wilson, CPP, is an attorney admitted to practice law in Virginia, New York, and Florida. She is a member of the ASIS Information Asset Protection and Pre-Employment Screening Council.