Pages

Tuesday, 16 March 2021

Corporate Communications - The key business enabler and the need for security to adapt to the new age.




The issue of security failing to attract support from the c-suite and general acceptance from the general workforce is an issue that faces security managers internationally.

International 'Think-tank' discussions identified that communications is a common failing within the security field due to bias resulting from recruiting into security positions from Defence, Police etc. Many bring their 'Need-to-Know' bias with them that can be counterproductive to effective communication.

This principle has been misused over the years to produce silos of information, some of which restricts the work of security being promoted within an organisation, thus many within an organisation may be ignorant of the work and successes of corporate security teams. It has also resulted in policies being classified that restricts access, creating a potential legal issue. 

Workplace resistance to security initiatives can also result due this lack of understanding of the role and work being carried out that would support security and safety of all managers, employees, contractors and visitors.

Organisation policies, including security policies, are critical to business operations so they should be generally available to all managers and the workforce. Where possible, corporate security policies should not be classified any higher than the lowest level of security clearance of employees within an organisation and preferably unclassified where possible, to ensure that all managers and employees have access to the information. 

Policies may also be required to be used in evidence in court so must be framed in a manner that clearly states the expected standard and at a classification level that can allow it to be produced in a court of law.

Corporate security has a responsibility to ensure awareness of security policies is well understood throughout an organisation and must also understand that employees will learn through different methods and speed.

Outside of office workers such as workshops or offsite workers will require face-to-face programs whilst office/corporate employees have different considerations, taking into consideration different learning styles and culture. Some will learn through face-to-face security awareness programs that allow more questioning and after training conversations, some may require hands-on-style training or one-on-one learning, whilst others may be comfortable with short, sharp video or PowerPoint training programs, or online webinars.

A powerful tool for many corporations is the Intranet webpage, where tailored security messages can be promulgated in a manner that is easily digested by management and office-based employees at all levels of the organisation. Clear, concise messages can be promulgated with links to more details and policy documents.

Another tool is the corporate social media application. Messages should be designed to attract attention, be easily digested by the reader and provide factual information as a marketing strategy to maintain after-care in order to maintain security awareness throughout the organisation, throughout the year. Links can be provided to allow readers to explore more detail in policy documents etc.

Corporate security successes can be reviewed by specialists who are able to sanitize critical operational or legal issues to provide a good news story that can be shared amongst the organisation via internal social mefia, making the work of the security team relevant to the c-suite, managers and employees across the organisation. The aim being, to bring all members of the organisation together in support of a robust security culture. 

These social media releases could be developed by the security and legal specialists and the corporate training team supported by an experienced marketing team member.

In summary, effective communication of policy is critical to ensuring everyone in an organisation understands the rules under which the organisation operates, and the standards expected to be met or exceeded through its managers and employees. Dissemination can be achieved through various mediums that best suit the organisation.

Tuesday, 24 November 2020

Definition of Protective Security


Definition of Protective Security

Since 1986, I have pondered on the definition of Protective Security, with changes occurring over the years seeing elements cut out whilst other elements coming under the banner.  In some employment roles, protective security has come to cover close protection.  For my personal benefit, I have developed a definition that meets my requirements and have added definitions of the various elements that make up Protective Security that support the security-in-depth concept.

___________________________________________________________________

Protective security

 

The organised system of defensive measures instituted and maintained at all levels of an organisation with the aim of achieving and maintaining the protection of assets, both tangible and intangible, for its rightful custodian, through the application of security intelligence, risk management, physical security, information security, cyber security, personnel security, security awareness training and administrative security, forming mutually supporting security-in-depth.

___________________________________________________________________

Administrative Security

 

Administrative security (also called procedural security) refers to Government Legislation, Regulations and organisational management constraints, policies and procedures, accountability procedures (including audit and other compliance and loss prevention checks and audits), security training, governance and supplemental controls, including business continuity/disaster recovery/contingency plans and procedures established to provide an acceptable level of control and protection for assets.

 

Asset

 

Anything that has value to an organisation, or value to achievement of organisational mission/business objectives including, but not limited to, another organisation, a person, sensitive information or information of value, a physical device, property, hardware or item (including security cabinets, encryption hardware, military or other weaponry), computing devices and communication devices, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards).

Note 1: Assets have interrelated characteristics that include value, criticality, and the degree to which they are relied upon to achieve organisational mission/business objectives. From these characteristics, appropriate protections are to be engineered into solutions employed by the organisation.

Note 2: An asset may be tangible (e.g., physical item such as people, physical object, hardware, software, firmware, computing platform, network device, or other technology components) or intangible (e.g., information, data, trademark, copyright, patent, intellectual property, image, or reputation).

(Note: Slightly modified from asset definition at https://csrc.nist.gov/glossary/term/asset)

  

Cybersecurity

 

Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorised access or attacks that are aimed for exploitation of systems and data/information contained to ensure confidentiality, integrity, and availability of information.

Major areas covered in cyber security are:

1) Application Security

2) Information Security

3) Disaster recovery

4) Network Security

 

Application security encompasses measures or countermeasures that are taken during the development life cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are:

a) Input parameter validation,

b) User/Role Authentication & Authorisation,

c) Session management, parameter manipulation & exception management, and

d) Auditing and logging.

 

Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are:

a) Identification, authentication & authorisation of user,

b) Cryptography.

 

Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, developing recovery strategies for all information technology and communication systems in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.

 

Network security includes activities to protect the usability, reliability, integrity and safety of the network along with the Confidentiality, Integrity and Availability (CIA) of data held on electronic systems. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include:

a) Anti-virus and anti-spyware,

b) Firewall, to block unauthorized access to your network,

c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero hour attacks, and

d) Virtual Private Networks (VPNs), to provide secure remote access


Information Security

 

Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.

This includes the identification of information that is an organisational asset, classification of information, appropriate storage and protection of information and security of information in transit.

Information security directly interrelates with administrative security, cybersecurity, personnel security and physical security.


 Personnel Security

 

Personnel security involves initial and periodical vetting and aftercare of  its employees and contractors to ensure they have their identity positively established and are considered suitable to access organisational resources/assets, and meet an appropriate standard of integrity, loyalty, probity and honesty.

 

Physical Security

 

Physical security involves the use of multiple layers of interdependent systems that can include (but is not limited to) CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to deter, detect, delay and  respond in order to  protect assets.

 

Risk Management

 

The management of security risks applies the principles of risk management to the management of security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls to face those threats, determining the risks' consequence(s), prioritising the risks by rating the likelihood and impact, classifying the type of risk, and selecting an appropriate risk option or risk response (mitigations strategy).

 

Security Intelligence

 

Security intelligence (SI) is the collection, evaluation, and response to potential security threats in real-time. It involves information relevant to protecting an organisation from external and inside threats as well as the processes, policies and tools designed to gather and analyse that information.

Intelligence, in this context, is actionable information that provides an organisation with decision support and possibly a strategic direction to mitigate identified threats.


Saturday, 18 July 2020

Grant of Liveryman status with the Worshipful Company of Security Professionals to Raymond V Andersson.



I am delighted to have received the honour of becoming a Liveryman of the Worshipful Company of Security Professionals.

The Worshipful Company of Security Professionals is the 108th Livery Company of the City of London. Liveryman is considered the highest level of membership within the Worshipful Company and qualifies a member for election to the Court of Assistants.

Membership is drawn from the security industry in its widest sense and includes the industrial and retail sectors, serving and retired members of the police and armed services, consultants, academics, heads of security for corporate businesses, investigators and electronic surveillance practitioners.

A Liveryman is the highest level of membership within the Company and qualifies a member for election to the Court of Assistants from which further election, through the levels of Warden, to Master is possible. In keeping with City of London traditions there is a cap on the number of Liverymen within the Company. It is the prerogative of the Court to identify those Freemen who fit the qualifying criteria and invite them to be clothed in the Livery of the Company.

The ceremony took place on the 17th July 2020 via a ‘Virtual Ceremony’ with Raymond, (pictured), being invested into the Livery in a ‘clothing ceremony’ by the Master, Michael Barley.

Commenting on his most recent accolade, Ray explained: "Having been a Freeman of the Worshipful Company for several years, it is an absolute privilege to achieve the honour of Liveryman.

Whilst the industry continues to evolve and grow thanks to new technologies, it is important to preserve the knowledge and traditions that the Company so graciously stands for. I would like to extend my thanks to everyone involved with the Company and my peers in Australia for their support and best wishes."

It is not the first time Ray has been recognised for his contribution to the profession. He was awarded the Freedom of the City of London in 2014 - a privilege bestowed on valued members of the community, visiting dignitaries, and those who have achieved success or recognition in their chosen field - in this instance – security. Ray was also awarded the Australian Security Medal for Conspicuous Service in 2017 for his service to the security profession in Australia.

Some background to City of London Livery Companies.

The livery companies of the City of London were originally mediaeval guilds, of a kind which were common in cities all over Europe in the Middle Ages. In many ways they were the forerunner of modern trade bodies or professional associations.

The term “Guild” is said to derive from the Saxon word “gildan”, to pay, since members paid towards the costs of the brotherhood. Guilds were craft or trade societies. They protected consumers and employers against incompetence or fraud by training sufficient apprentices to provide an adequate supply of skilled craftsmen selling goods of true quality and weight. They helped workers by preventing unlimited competition and ensuring reasonable wages and conditions. They searched out inferior work and punished the offenders. They settled trade and domestic disputes by arbitration, while their halls served as centres for meeting and recreation. They generally held a monopoly over practicing their particular trade within city limits - to be a tailor, for example, you had to be a member of the Worshipful Company of Merchant Taylors. Becoming a member would entail serving an apprenticeship and passing a practical exam, ensuring that professional standards were maintained.

They were responsible for checking the quality of goods, weights and measures, and imposed severe penalties on those who broke the rules. They controlled imports and immigrant labour, set wages and working conditions. They trained the young and looked after members in sickness and old age.

In mediaeval times these trade guilds often performed a military role as well. Most of the large employers of a city were members of guilds, and so in an emergency they could quickly assemble all their apprentices and craftsmen to form a large, organised body of men of military age. Wealthy guilds could also afford to issue those men with high quality arms and armour at their own expense, turning them into a formidable military unit that was a match for any lord or baron's feudal levies.

This was a source of both raw power and civic pride, and many guilds - including those of the City of London, encouraged their members to train and drill at weekends to make themselves even more effective as soldiers, and then allowed them to parade through the city streets to show off their skills. Even as late as the English Civil War of 1642, the fact that London, with its trained bands of disciplined militia, decided to fight for Parliament instead of the King was a major factor in Charles's defeat.

These trade guilds morphed into Livery companies that continued the traditions and work of the guilds but  also served a social function, bringing members of the particular craft together and help them network, as well as staging banquets and ceremonies, both secular and religious. The money they collected in membership dues or as bequests was also used for charitable purposes - primarily for their own members who fell on hard times, but also sometimes to the general public. Over the centuries some livery companies became extremely wealthy, and funded schools, hospitals, alms-houses, churches, libraries and many other institutions.

In modern times these functions have almost all been abolished. A few livery companies still carry out traditional functions, but now on behalf of the State and with statutory authority. The social functions of the livery companies are still alive and well today, of course, and members benefit from the ability to go to banquets or attend open days etc.

The role of Livery Companies in charitable work has continued throughout the ages and the Worshipful Company of Security Professionals provides support to the education of  children from underprivileged backgrounds, providing them with opportunities for an insight into the many and varied employment and career opportunities in the City of London.

The Company also supports the benevolence of those working in the security industry, supporting them in their times of distress when urgent welfare support is needed.

The Company sponsors The Sheriffs Award that is open to members of the public as well as members of the Emergency Services, the Armed Forces and people employed in the Security Industry in the UK, recognising their acts of bravery in crisis situations, providing a Certificate of Recognition as well as a financial reward.

The Worshipful Company of Security Professionals continues the ideals of its founding fathers and mediaeval trade guilds supporting youth, education, professional development within the industry and its charitable works.

As an Australian citizen it is an honour to be able to maintain a direct ancestral connection to the London Livery Companies that goes back to the late 1700’s and a privilege to be ‘enclothed’ as a Liveryman of the Company.


Tuesday, 14 April 2020

Business security during temporary closure




In these "unprecedented times there is a need for businesses to prevent crime and stop criminals from taking advantage of the situation.

Here are some crime prevention tips to increase security to properties that are temporarily closed:

  • Remove all valuables from storefront displays to help reduce smash-and-grab thefts.
  • Remove all valuables such as cash from the till and leave it open. Place cash tray in plain view on the counter to signal there’s no money in the till.
  • Remove signage from front windows so police can see the inside unobstructed during patrols.
  • Consider installing an alarm monitoring system. If you already have one, ensure the contact list is up to date.
  • Clearly post signage on the door/window to indicate that the premises are monitored by an alarm company; that no money is kept on the premises and contact information for police and the business owner in case a member of the public sees damage to the property or suspicious activity.
  • If the premises are closed for an extended period, clean all glass surfaces and create a tracking log of when cleaning was completed. This may help investigators with suspect fingerprints in the event of a break-in.
  • Consider installing a surveillance camera system that can be monitored online by owner/management.
  • Consider using a laminate on all windows and glass doors to prevent the glass from being broken from blunt force. Although damage to glass will occur in a break-in attempt, it will greatly discourage or prevent entry.
  • Install latch guards on doors to protect against prying including on secondary doors such as employee and loading entrances.
  • Keep some lighting on inside for surveillance opportunities during the evening.
  • Ensure all doors are properly secured and regularly check all exterior lighting is functioning.
  • Remove material around the exterior of the property that may be used to gain entry into the premises such as bricks, metal poles and construction materials.




Wednesday, 14 August 2019

Security guards role in preventing crime or terrorism


Our current security environment is dynamic with many threats to our businesses and personal lives.

Terrorism still a major concern both in Australia and overseas.

We place a huge responsibility on in-house or contracted security guards’ shoulders to ensure that our facilities and premises are safe from terrorist and criminal attack.

This requires guards’ to be alert, disciplined in their observation and reporting skills and have a mature, experience-based knowledge of people’s behaviour in determining what activities and actions may be innocent and what may be suspicious and of security interest.

As a security guard, your observations and reports form the basis of any intelligence led drive towards reducing the risk of criminal or terrorist action against your company or client.   Log Sheets detailing information relating to suspicious activities, provides security and risk managers additional information that assists in analysing the event, passing information on to Police for further action and hopefully reducing the threat through proactive security measures.

What then are we looking for?

Unusual videotaping or photography of official buildings, corporate headquarter offices, shopping malls, churches or critical infrastructure.

Videorecording is one of the ways terrorists gather information about a target. In 2001, a major terrorist plot in Singapore was averted when videotapes of buildings to be attacked, including the Australian High Commission, were discovered.

Be aware and be alert to any suspicious activity of persons filming the area where you are stationed.

Suspicious vehicles near significant buildings or in busy public places

Terrorists and criminals use vehicles for many different purposes, from surveillance to planting bombs, such as in Bali.

Vehicles may be parked for an unusually long time, sometimes in no-parking areas.

Explosives can be heavy, so cars and vans may sit abnormally low on their suspension.

They may be out of registration or have false or missing number plates. Overseas, a terrorist attack was foiled after police became suspicious of a car with front and rear number plates that didn’t match.

Criminals may visit premises several times to gather intelligence on behaviour patterns of staff and security in order to seek the best time to commit a crime with the least possible chance of detection.

False or multiple identities

Terrorists and criminals frequently use stolen or fake documents, including passports and driver’s licences. They can also have several identities and may give conflicting details to those they come into contact with.

Overseas, alert bank employees noticed a series of unusual transactions and identified an account that had been opened in a false name. They reported it to authorities, who uncovered links to a terrorist group.

Unattended bags

If you see an unattended package or bag in a public place, with no apparent reason for being there, here’s what to do:

·                Ask if anyone owns it.

·                If no one does, don’t touch it.

·                Alert others to keep away.

·                If in a shopping mall or building where there is mass gathering, contact their security, or

·                Call local police or the National Security Hotline on 1800 123 400.

Please Accept Heightened Security

Security has been substantially increased in Australia. It can seem an inconvenience, but it is important to remember that these measures are in place to protect us all.
 

As security guards, you have an important role to play in our overall protective strategy within this heightened security environment

Security Officer Initial Incident Investigations



“The provision of security patrols as well as controlling crime scenes identified during a patrol is a responsibility not only expected of us by business; it is an expectation of society that we carry out these functions and carry them out in a professional manner”

As the guard on the spot, it will often be up to you to undertake a preliminary investigation which will assist Police or Agency investigators in their overall investigation into any crime or security incident.

You must determine the boundaries of the crime scene, which will require an initial investigation.  A premature definition of the crime scene may cause loss or destruction of evidence outside the established area defined as the crime scene.

Use your senses to determine the boundary of any crime or security incident scene. 

Yours eyes can notice the obvious evidence, including evidence of entry points or exit points but you must also identify other physical evidence that may appear to be out of place or just shouldn’t be at the scene. 

Your ears can identify unusual noises or sounds that do not belong at the scene (it could be someone running away from the scene or machinery running that would not normally be operating). 

Use your sense of smell to determine unusual odours that do not normally belong at the scene of the crime scene.  Is there a small of gas, alcohol, petrol or other odours?

Once the crime or security incident scene has been established it must be protected.  This can be accomplished by the observance of the following three rules:

1.         Protect

2.         Preserve

3.         Make Notes

Protect the Scene

The first priority once you are on the scene is to prevent unauthorised access to the crime scene area.

This means that all personnel, bystanders and anyone else who happened to be in the area to stop to look, be prevented from entering the crime scene area. 

Ask all personnel in the area if they know anything about the crime then direct all unauthorised personnel to leave the area and remain outside the area until told to return by Police. 

Ensure that witnesses or persons of interest must be asked to remain in the vicinity, outside the crime scene to await Police interview.

Preserve the Scene

Preserve the scene exactly as it was first discovered.  Nothing must be moved, removed or altered in any way; and no evidence, real or suspect, may be added to the scene.  This merely confuses the scene for qualified experts who must, from the evidence, reconstruct the crime.

Complete crime scene protection will enhance the security guards’ image and greatly improve crime solution potential.

The best way to achieve this is to keep your hands to yourself.

Making Notes

In the initial stages of protecting a crime scene, there is normally a certain amount of confusion.  It is important that the guard realize that time is vital and that many details he/she has seen will quickly be forgotten unless committed to a notebook.

The moment the guard arrives, he/she should commit important information to their notebook.   The date/time of arrival, the date/time of occurrence, who was present on arrival and what happened.  Also, who initiated the call in the first place and all other pertinent information pertaining to the crime scene.  

As soon as possible after arriving at the scene, the guard should attempt to reconstruct, in their mind, the crime scene to be protected.   This reconstruction may lead to further evidence that was not readily apparent upon arrival or after an initial search of the area.  In some instances, a small sketch in the notebook showing the scene as it was found can be of great value for future reference.

Ensure that your notes are accurate and complete.  They may prove to be invaluable as the investigation progresses.

By using all of your senses, your intellect and keen observation skills, recording and noting everything that you see, smell, hear and feel, you will be not only assisting investigators but also enhancing your own reputation as being a credible person to be entrusted in the important role of protecting and preserving crime scenes and security incident scenes.

The Security Log


The Guard Log needs to provide as much detail as possible in relation to any incident that is being reported. 

It is essential that it is accurate, and you take the time to reflect on the incident and provide as much detail as possible.

This information may become critical if the incident requires further investigation.  It may also assist in providing information to other areas, if they need to be alert for similar activity. 

The following guide is not exhaustive; however, it provides an example of the type of information you should attempt to detail in your logs:

·              Date and exact time of incident.

·              Exact location. Attach a diagram if necessary.

·              Direction of movement of vehicles or persons, attach a sketch map showing streets, building locations etc.

·              Vehicle description; make, model, colour, type (sedan/hatch etc) registration (NT, ACT, NSW etc), any distinguishing features? (mag wheels, body kits, exhaust note etc).  Direction of travel?  Had it been seen in the area before?  Was it speeding/cruising?  What were the occupants doing? How many occupants were there? 

·              Description of suspect persons; age, sex, ethnic group or nationality, height and build, hair colour, what where they wearing? (colour, logos, hats, backpacks, footwear).  Did they have an accent?  Distinguishing features (beard, moustache, scars, glasses, tattoos).  What did they say? How were they acting?  What made you suspicious? Did you say anything to suspects? What was their reaction?

·              Following any suspicious activity, a detailed search of the perimeter of the building should be conducted.  Check for signs of forced entry on all external doors and windows.  If evidence of forced entry is found, call the police the clients duty manager.

Care should be taken not to disturb the crime scene.  Do not touch anything and keep any bystanders away from the area until the police arrive.

·             Remember you are on site to identify and report any suspicious activity.  Your safety is paramount.  Do not give chase or attempt to apprehend any suspect persons.  If the situation may lead to a risk of harm, call the police and let them deal with the situation.

It is essential that any suspicious event that occurs on your shift is detailed in the log and brought to the attention of other team members on hand over.  

Although the logs should be regularly reviewed by the client, it is important that any unusual activity is highlighted and verbally reported to the client as soon as possible.

The client is thus able to analyse the information giving additional value to the work that you do: