security-management

E-learning and counter-terror training are increasingly popular, survey reveals

PROFESSIONAL DEVELOPMENT More than half of security professionals cited counter terror as an area they d like to train up in, according to a survey about training needs in the industry. Asked which topics they are most keen to upskill in, respondents most commonly said security management (63%), followed by security consultancy (61%), counter-terrorism (55%) and crisis management (47%). The survey, which was conducted by the Linx International Group, also reveals that continuous professional development (76%) is the biggest motive for undertaking training, followed by certification/training (71%) and personal development (64%).

Just over half (51%) of all respondents who are employed in a range of sectors, both public and private paid for training themselves, while 45% were funded by their organisation and 4% were financed by other means. Most security professionals said training had a meaningful benefit to themselves, their organisation and the security industry as a whole but the biggest benefit was to their own career prospects (81% recognised the benefits versus 74% for the industry as a whole and 68% for their organisation). Classroom-based training remains the most popular teaching method, e-learning is growing more popular. Some 60% of respondents having already taken part in some form of e-learning and 70% likely to do so in the future. A majority of respondents also expect their participation in distance learning, blended learning and training led by a virtual instructor, to rise. There is a clear trend towards upskilling and individuals taking responsibility for their own career development, as well as demand from industry for better qualified, certified and accredited professionals, said Ken Livingstone, group training director of the Linx International Group, which provides security, risk management and training services. This is evident through our support of the CTSP a professional register of Certified Technical Security Professionals with applications for Registration already in the hundreds within the first month of its launch. Linx International Group surveyed 1,000 respondents from around the world, with UK and Ireland accounting or 49.46%, followed by Africa (19%), mainland Europe (13%), Middle East (8%), Asia (5%), US and Central America (4%) and Australasia (1%). The research was conducted by the Linx International Group on behalf of its group companies: Linx Consultancy, ARC Training, Perpetuity Academy and Tavcom Training.

Free Download: The key to mitigating cybersecurity risks Exploiting IoT technology without creating cybersecurity vulnerabilities is one of the defining challenges in today s security landscape.

This report will help you to see why third parties should adhere to secure by design principles and why the necessary convergence of IT and security departments demands a holistic approach .

Download now Related Topics Security to be tightened at Christmas markets amid fears of Berlin-style attack At least 50 reported dead and 400 injured in Las Vegas shooting Finalists announced for the Security & Fire Excellence Awards 2017

How to keep your entertainment venue safe following terrorism

Hospitality industry In the wake of recent terror attacks, venue security has never been more paramount. This coupled with the increase in venue closures has led to a sense of sadness within the industry, however in times like this we must remember the positives; the provision of safe places with security, medics on standby, regulated drink sales and curfews. When Fabric was forced to close in September 2016 it was a decision made in the name of the war on drugs, with Islington Council, supported by the Metropolitan Police, moving swiftly after the deaths of two clubbers there in the space of nine months.

Club closures Closing venues like Fabric, which thankfully was reprieved, will not stop clubbers taking drugs. While Fabric survived, there is a long and depressing list of London venues that have closed in the past decade half of the capital s clubs have shut in that time. Make no mistake, this situation is a threat to London s status as a world-class culture hub with a 24-hour nightlife. When the Night Tube service was launched there was great excitement, but you wonder where all these trains will be taking people in a few years time. When these venues close, it s not simply a case of replacing them with something else. Fabric, along with countless other clubs, has its own rich history and identity, something you can t just replicate somewhere else. Avoiding licensing issues There are steps venues can take to avoid falling foul of the licensing committees. We work as closely as we possibly can with the local authority and the Metropolitan Police because dialogue and sharing ideas is a much more healthy approach than clashing over regulations. I m proud of what we achieve at Troxy every day.

We provide a safe, secure venue in the heart of one of the world s biggest and most vibrant cities which helps people create new experiences, discover new music, create new memories and simply live life. When it comes to venue security, the tragic bombing at Manchester Arena caused most venues to reflect and review their security measures. Even before then we had taken steps along with other major venues and festivals to put counter-terrorism measures front and centre of our security policies. Strong police relationship Our relationship with The Met is strong, and we have ongoing conversations with them which includes swapping information before and after events. This allows us to be kept in the loop with regards to the very latest security information and flag up any events the police might have concerns about. The police offer a great service in the form of Project Griffin their counter-terrorism training programme, something we ve put our entire senior management team through. It s free and is aimed at deterring and detecting not just terrorist activity, but crime as well. We work hard to identify potential problems before they might arrive, and we re mindful when liaising with promoters who want to bring artists or shows to Troxy that there might be potential risks. Bringing venues closer together However, amidst all the sadness that these tragic events created, events such as venue closures or terror attacks have helped make our industry stronger.

These horrific events have brought venues closer and helped created a greater sense of community as the industry pulls together to support one another and ensure everyone who steps through our doors is kept as safe as possible. We can t speak for other venues, but this heightened threat level has ensured we re constantly reviewing our security measures to make certain they match the heightened threats. The events industry is brimming with innovation, creativity and is always pushing boundaries to enhance the experience for artists and guests. I do believe other industries can learn from what this industry achieves every year. Our practices around entry and exit, security and safety are constantly evolving. At Troxy we re used to holding multiple shows in one week, all of which present different challenges. From a sold-out drag night to a rock gig, we host events of all shapes and sizes and approach each of them with the same vigilance and care. In the end, it s all about the people who come through our doors. We want them to have an incredible night and create great memories that will stay with them forever, but we must also ensure we create a safe, problem-free experience as well.

This article was first published on our sister site, SHP Online. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

Watch: NSI CEO Richard Jenkins on IFSEC TV

IFseC 2017 Watch Richard Jenkins, CEO of the National Security Inspectorate (NSI), speak to IFSEC TV during IFSEC 2017, which took place at London ExCeL. Watch more videos from IFSEC 2017 here . embedded content Richard Jenkins also championed the Engineers of Tomorrow competition, which the NSI sponsors.

embedded content Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape. Further topics covered include: The network cameras hijack during the 2017 presidential inauguration, updates on the forthcoming EU data protection law (the GDPR), ultra-low light cameras versus thermal cameras and much more.

Click here to Download now

I asked criminals whether security measures ever deterred them.

This is what I learned

Ask offenders why they choose the target they do and they often reply: Because it was easy. And this is true despite the fact that security measures are in place. This tells us there is a real difference between having security and having security that works, Indeed, offenders tell me when I interview them in prison that they rely on security not being excellent; when it is excellent it puts them off.

So the key question is not the difference between poor security and good security as it is all too often mistakenly framed it is: What is the difference between good security and excellent security? That is the key question to address as we move forward. Some people say that the trouble with security measures is that they can all be circumvented, that nothing works. I believe this to be taking the wrong emphasis. The truth is everything works but only when effectively delivered developed and matched to risks in context. Now despite what some people say this is a really difficult task. Underestimated skill sets Many, including in my view many security professionals, have underestimated the skills sets required to be excellent at security. It is serious stuff. Think of it like this.

Every business process is a potential security risk. An excellent security professional team will understand all of these. Every single person is a potential security risk. Every excellent security team will understand all corporate roles. Every business process and every person will in fact be a key ally in excellent security. Security people who are excellent will understand the business, the risks, internal and external threats, match measures to risks, be proportionate, take account of freedoms, be sensitive to the aims of the business and ensure security complements these. Good measures needed to be matched by well trained people and they needed to work together and that rarely happened It is for this reason that I have been involved in developing the Outstanding Security Performance Awards . I think there is a good case for having standards, regulation and training; they are all in different ways potential contributors to good security and maybe excellent security too, sometimes. But we must realise that excellent security requires business expertise, a deep knowledge base, an ability to relate to many business departments (and therefore there is a requirement to understand them), and to engage people meaningfully in supporting actions that are not always their core interests.

I recall an interview I had with an armed robber a few years back now, but the message sticks with me. I was talking to him about the risks of getting caught, pretty serious if you are an armed robber. I thought this would be a constant worry. He said that he never worried. Assuming too much He was a prolific robber and rarely got caught. He argued that the trouble with security measures and security personnel was that they assumed too much. His point was, put simply, that good measures needed to be matched by well trained people and they needed to work together and that rarely happened. Well he was caught in the end of course although he said he was grassed (maybe, a lot say that!). Security needs to speak up for itself, argue its case: that it is a key business function, enabling the organisation to make a profit even in risky contexts.

Security people excellent ones at least are crucial parts of business, not nice to haves. We have shown this time and time again in successive Security Research Initiative reports. The question is: Is the security sector and its personnel ready for the challenge? Professor Martin Gill among, by the way, our Top 50 influencers in security and fire 2017 is sitting on a panel discussing current trends and the future of the security industry at IFSEC International 2017. Details below: Professor Martin Gill / Current trends and the future of the security industry / Security Management Theatre / IFSEC 2017, ExCeL London / 20 June 2017 / 10:20- 11:10 IFSEC International takes place between 20-22 June 2017 at London ExCeL. Get your free badge now. Visit Europe s leading security event in June 2017 Visit IFSEC International for exclusive access to every security product on the market, live product demonstrations and networking with thousands of security professionals. From access control and video surveillance to smart buildings, cyber, border control and so much more. It is the perfect way to keep up to date, protect your business and enhance your career in the security industry.

Click here to register your place now to join us at London Excel on 20 22 June 2017.

Top Down Security (or How To Learn To Love Information Security …

Originally published on the Darlingtons Solicitors Blog1 23.11.12

You say the word security to people and get a variety of responses or perceptions. Some people think of manned guarding and a nice guy who works the barrier and checks the CCTV images to keep everyone safe. Others go a bit Mission Impossible and imagine consultants dangling from wires, testing floor pressure pads in secure areas whilst hacking into the Pentagon.

And yet more others regale you with tales of every night club they have been asked to leave by a man in a black puffy jacket.

This post is not really about any of those perceptions, it is about a business enabler and how it is placed in successful organisations. I can appreciate that compared to Tom Cruise dangling from the ceiling this may appear dull, but as far as business goes, it s a bit more useful.

According to the Ernst & Young Global Information Security Survey 20122, there is a real gap between where Information Security sits within organisations and where it needs to sit. As Security Consultants we know this to be true and are also aware that other disciplines, FM for instance have also had a bit of a battle to get a voice in the boardroom.

Given the interconnected nature of so many business areas, joining the dots and having top-down policy and behaviour, has never been more important.

Milky Way and our Solar System image Ecology.com

As we are talking about Information Security (IS) let s put it in perspective. IT security is the vital technical security of IT such as firewalls, encryption, password policy, patches etc. How an organisation behaves with regard to security of information is a much larger area. (If the organisation s use of Information were the Milky Way for instance, IT might be our solar system see picture).

The rest of the organisation uses information in a myriad of ways, not always electronically and not always on a device (at least not one that IT is aware of ) the rest of the organisation may be vast and so the potential for compromised information is exponentially increased. Especially if everyone thinks that IT do security .

IT departments traditionally do not have a formal risk assessment mechanism. Risk is something a whole business faces not simply the systems in IT important as they may be.

An organisation s IS needs to be aligned to its Risk Appetite but if accountability for it is placed in IT then realising this will be challenging.

Business solutions are not always technical or IT based.

At the end of the day the users are people and people make mistakes or behave in questionable ways. Around 80% of data breach is generally accepted to be human error or malice. Technology can t mitigate all of that risk; you need to consider policy, procedure and education of these concepts through your organisation.

Hopefully you can see now why we are moving out of the realms of IT and into the realms of business centric solutions that cut across silos, not reinforce them.

Risk is a part of business, without risk there is no innovation and nothing can exist for long in a vacuum. Therefore it is vital to know how far you can push something before it becomes too great a risk. Not from an instinctual level but from a tried, tested and accepted level that comes from the boardroom via regular review.

So understanding your organisation s risk appetite and tolerance is vital. Aligning your IS policy and procedure to that appetite seems logical if not essential, yet 62% of organisations surveyed did not align IS to Risk Appetite.

How then can an organisation securely implement something like Bring Your Own Device (BYOD) which sounds on the surface like an IT project which won t be aligned to Risk Appetite? So in other words, the risk attached to allowing employees to use their own devices, which may mean access to corporate networks and drives, access to sensitive information, has not been assessed in terms of the business s overall appetite.

So rogue apps (which we hear about every week) for instance could be scalping data from the device on a regular basis and the user would be unaware. Previously, it was the user s data alone that was compromised, with BYOD the scope of data available increases vastly as an organisation s information assets open up to that user.

The Ernst & Young survey highlighted the need to bring Information Security into the boardroom. Perhaps asking who owns the risk or who is accountable for the Information risk is where to start.

Well according to this survey only 5% have Information Security reporting to the Chief Risk Officer, the person most responsible for managing the organisations risk profile. Placing responsibility within IT can cause ineffective assessment and alignment with not only Risk but with Business priorities.

If 70% of the respondents are stating that their organisations IS function only partially meets the organisational needs, it becomes clear that this is a ship that has set sail without a map. IS needs C level direction and input, it needs to have the support of the board, be implemented and understood top-down and really start to make a positive impact on business growth by enabling it to happen securely, with threat and risk awareness, accountability and mitigation.

It was initially encouraging to read that almost 40% of organisations planned to spend more on IS over the next 12 months.

But on reflection, if this is going to be mainly directed by IT departments unaligned to Risk, unconnected to the board and occupying a similar space as the sun in the Milky Way or an organisation s Information usage, it is doubtful that the dissatisfied 70% of organisations who feel IS is not currently meeting their needs, will reduce.

What is concerning is that this could end up looking like wasted spend on Security, when in actual fact it is merely a potentially unwise or undirected spend.

The upshot could be through a lack of board level understanding, that future spend then has a line run through it instead of under it.

E&Y visuals security survey 2012 1E&Y visuals security survey 2012 2E&Y visuals security survey 2012 3All data sourced from Ernst & Young Global Information Security Survey 20123, all visual representation copyright of Advent IM and not to be reproduced without express permission.

About these ads4

Like this:

Be the first to like this.

References

  1. ^ Darlingtons Solicitors (www.darlingtons.com)
  2. ^ Ernst & Young Global Information Security Survey 2012 (www.ey.com)
  3. ^ Ernst & Young Global Information Security Survey 2012 (www.ey.com)
  4. ^ About these ads (en.wordpress.com)