May 17, 2012

Personal Security and Preparedness Matters

By: Lisa DuBrock, Contributing Writer

For those of us living in big cities, at some point in our lifetimes we may be living in a high-rise apartment or condominium building. Unfortunately, just because you take an elevator to your home every night doesn’t mean that you are safe.

Having lived in a ‘condo’ building in downtown Chicago for 5 years in my late 20s, I found this article interesting. I also chose my building because it had a 24-hour doorman and I wanted someone to know who went in/out of the building. I didn’t think of it in terms of personal preparedness or personal security at that time, but that was exactly what I was doing.

This article just reminded me that no matter where you live it is a matter of risk and reward.  If you live in a high rise maybe there are a few pointers here for you too.

Read an interesting article on personal security matters.

Photo courtesy of and credit to huhinsurance.com

Private Sector Preparedness (PS-Prep) + Emergency Management = Critical Infrastructure’s Future in U.S.

In the aftermath of the Gulf of Mexico’s Deepwater Horizon Oil Spill (the nation’s worst environmental disaster), governmental emergency management teams faced the reality that more effort is required to proactively begin building relationships with private-sector partners.

In a recent article written by Austen Givens, entitled “Deepwater Horizon Oil Spill Is an Ominous Sign for Critical Infrastructure’s Future”, you can review the methodology that Givens uses to make that strong case for the need to have our government’s emergency managers engaged with the private sector in cooperative efforts of mitigation, preparedness, response and recovery efforts. The objective of his article is expressed best when Austen Givens states, “…The Deepwater Horizon disaster offers countless lessons for emergency management on the need to forge deep, lasting ties with the private sector. With 85 percent of the nation’s critical infrastructure in the hands of businesses, and complex system failures becoming an increasing reality for emergency managers, building bridges across the public-private sector divide is imperative for emergency managers in government.”

In short, critical infrastructure in our communities is vulnerable to disruption and the private sector, not government, is in charge of most of it. And, if that private sector is going to be adequately prepared for that interaction, then everything must be done to support continuous improvement of disaster preparedness levels throughout the private sector. The PS-Prep program is certainly qualified to be one of the players to make that happen. This story by Givens brings our attention to this matter in a very relevant way.

This website has set an objective to provide a one-stop location to learn about and be provided with ongoing updates of developments in the PS-Prep program.  Our staff continues to welcome comments and input from our readers to help us achieve that goal.

Read more about Austen Givens’ position on this timely and critical infrastructure-related topic.

Photo courtesy of blog.gmfus.org

New Security Survey Indicates Increased Executive Interest in 2011

In the 2011 Strategic Security Survey conducted by Information Week (IW), findings seem to indicate that businesses are finally starting to understand that when it comes to security, everyone needs to pay attention. To that point, an article written by Michael Davis, IW contributing writer, does a fine job in citing particular findings to support that increased interest in security by C-level managers.

As Mr. Davis points out, the survey also addresses a common complaint from security pros, i.e. that top executives don’t consider security a priority. As one survey respondent comments, “Upper management rarely considers the value of security — until an attack or breach occurs”. Survey results, however, seem to point to an encouraging movement around both levels of management buy-in and levels of adequate funding, long regarded as additional problems often facing security pros. And, as an answer to those concerns, the survey indicates that when asked what might increase their company’s vulnerability to attack, the number of respondents citing “budget constraints” fell by eight (8) percentage points compared to 2010.

Other survey results also seem to be very promising. For instance, both the CEO/owner and CFO are now showing an increased interest (involvement?) in security policy decisions as well as in levels of security spending. In 2010, only 27% of CEOs and presidents were said to be involved in security policy decisions; in 2011, it jumped to 34%. In 2010, 46% of CEOs and presidents were said to be involved in security spending decisions; in 2011, it jumped to 52%. As for CFOs, 56% are involved with security spending, according to the IW 2011 survey, up from 52% in 2010.

If security-related issues are a major concern or topic for discussion of your risk management or business continuity planning teams, then please recommend that they read more about the results of this strategic security survey.

Photo courtesy of  blog.cenzic.com

2011 Hurricane Season Seminar to Be Held In Houston, TX

The 2011 Atlantic hurricane season will be an event in the annual cycle of tropical cyclone formation. The season will officially start on June 1 and end on November 30, 2011.  And with about 7 weeks before the start of the season, your organization’s disaster preparedness and recovery teams may want to consider attending one of the largest business-focused disaster preparedness events in the region with attendees coming from throughout North America.

The seminar, titled “The 2011 Hurricane Seminar for Business and Industry: Innovation, New Techniques and What to Expect in 2011”, will be hosted at the Hilton Hobby Airport in Houston, TX, on May 24, 2011.

You can register for this event at hurricaneseminar.com.  

For additional comments and thoughts on this event, click here to read a related posting by Fred Rogers on the YourWeatherBlog website.

Photo courtesy of eci.com

Egypt Internet and Mobile Phone Blackout Teaches an Important BC/DR Lesson

What is the lesson?

As Tony Bradley states in a recent article, “… Basically, it boils down to the Boy Scout maxim ‘be prepared’. Your government may not stoop to the sort of draconian tactics being used by the government of Egypt, and you may have very little concern about a state-sponsored Internet blackout, but that doesn’t mean that your Internet access can’t be interrupted. Regardless of whether your loss of communications is a result of a nefarious government blackout, a catastrophic natural disaster, or simple human error, if it happens what will your ‘Plan B’ be?”

This article was recently posted on the PCWorld website, and, while this is not the first time such an event has affected an organization’s resilience and ability to keep its doors open for business, it remains a strong reminder for many of the business continuity and risk management planners to evaluate the levels and probabilities of similar threats to their own organizations, and propose, test and adopt appropriate risk mitigation responses to such disruptive events. And of course, this is the case also for having indirect supply chain management issues related to business in Egypt as well. And for many private sector businesses in the United States who do business in Egypt, this is a reminder to focus more efforts on implementing one of the standards recommended by the PS-Prep program.

Again, as Mr. Bradley asks, “Are there alternate systems or methods of conducting business that you can fall back on until the issue is resolved? Do you have a plan for addressing the issue and working to restore access as soon as possible? Will you just pack up and go home and hope for the best?”

Click here to read the full article and all of the important related links offered in that article.

Risk Management, Business Continuity and Workplace Violence

The potential of workplace violence affecting a company’s business continuity or disaster preparedness planning process was certainly an issue which seemed to gain prominence in many of the related news accounts on this topic that were released in 2010. 

One of our readers, Michael W. Wanik, CPP, CBCP recently submitted his thoughts on this topic in a related article entitled “The Employer’s Duty in Regard to an Active Shooter Scenario” where he wrote…

“I’ve been involved with the supplication of private security services since I left the military in late 1984. During the time since, I’ve seen the security attitude pendulum swing back and forth a few times.

I witnessed first-hand the trend wherein sensitive duties and responsibilities were stripped from security officers. The hands-off approach was designed to remove liability from actions taken by the officer. Weapons were removed from security officers and first aid training was stopped. I can remember speaking with end users who preferred that the local constable or emergency service be summoned by 911. With the responder was a large insurance policy in the trunk of which the end user corporation saw great value.

Boy, how times have changed. Since 9/11 and Katrina, we have been told by our government that we need to be self-sufficient. Response to us can’t be immediately expected – we should be able to hold our own for three days. We’re again seeing armed security officers and first responder duties appear, if not on the ground; in conversation.

Institutional responses to Active Shooter scenarios are also being discussed and interpreted more often. Incidents like Tucson, Hartford Distributors, Columbine, Mumbai and Virginia Tech have changed expectations of employers and employees alike.

Educational institutions have not been afraid to create and train to policies surrounding the successful lock down or evacuation of a population through various mechanisms. Most employers, however, are just arriving at an initial analysis of an Active Shooter scenario and asking what they should do. The Department of Homeland Security gives short instruction to persons in the area of an Active Shooter: 1) flee, 2) hide, or 3) overpower the shooter if you can do so. They do not however give employers instruction on what actions they should take.

Many of my clients question out loud; should they hit the fire annunciation system? Should they try and do some sort of e-mail or overhead page?  What will their liability be if someone flees into an area where the shooter exists or has traversed to?

The pendulum is swinging. Business understands the need for the provided HLS guidance. They are better understanding what type of risk their business faces whether they do or don’t publicize response to an active incident. Therefore, they are making plans.

According to news reports about the recent Discovery Channel shooting, company leaders made announcements over an intercom for employees to avoid the main lobby. Reports indicated employees were understandably confused; not knowing what the situation was or which direction to proceed. But at least they were tuned into an issue so they could turn on their survival instincts. Discovery Channel had a plan for this fluid situation.

The sad reality of our world today is that employers must think about a response to an Active Shooter scenario occurring in their workplace environments, be they wholly occupied or in a multi-tenant building. Business needs to take a lesson from the education sector.

Beyond doing the right thing for the employee, continuity of business operations depends upon it.”

Mr. Wanik has also authored a related article (“Managing Your Workplace Violence Risk”) on his company’s SSCSecurityMatters website, which is offered as additional reading material for those risk management team members in your organization responsible for the security and safety of all who are employed by that organization. Click here to read that full article.

We welcome other comments and thoughts on this relevant and potentially critical element of organizational behavior as well as risk management dynamics now facing a company’s efforts to “plan for the unexpected” in their business continuity planning process.

iPhone PatriotApp – "Game Changer" or "Big Brother"?

In a recent article written by Matt Liebowitz and posted on the http://www.msnbc.msn.com/ website, we revisit an updated version of a very controversial application for iPhones which is getting a lot of buzz again on the web. And, while it is gaining popularity, it is at the same time also attracting scorn from people who disagree with the controversial law on which it is based. That application is called the “PatriotApp” and can be downloaded free from the iTunes store website. You can also find more detailed information on the www.patriotapps.com website.

Launched in September, the “PatriotApp” allows people to report criminal or suspicious activity to several federal agencies, including the FBI, EPA, CDC and GAO (Government Accountability Office), the office responsible for investigating public funds. It also includes RSS feeds for the FBI’s Most Wanted list and the Department of Homeland Security’s (DHS) threat level, and allows people to report workplace harassment and discrimination.

Playing off the Patriot Act name, “the app was founded on the belief that citizens can provide the most sophisticated and broad network of eyes and ears necessary to prevent terrorism, crime, environmental negligence, or other malicious behavior,” according to Patriotapps.com.

Our staff has been following this story since it was introduced last September, and from the information discussed in Mr. Liebowitz’s article, we believe it should be brought to the attention of those risk management, physical security, network security and disaster preparedness team members in your organization.

Click here to read Mr. Liebowitz’s full article and follow the links to other locations addressing the controversy surrounding this latest attempt to increase our awareness and ability to achieve real time reporting status of conditions which have the potential to become a disruptive event for ourselves, where we live and for the companies where we work. 

Do you have a strong opinion about this technology approach?  Do you see it as being more of a “Big Brother” control play?  Or, do you see it as the kind of “game changer” claimed in Mr. Liebowitz’s article?

Security Preparedness Resource Offering from WIRED Magazine

One of our readers, who is a member of the business continuity planning committee for their organization, submitted the following suggestion for posting on our website. 

A recent addition to the WIRED magazine’s resource list is a Danger Room website link.  The information on this website may be a great additional resource for the reference libraries of those members of business continuity, risk management, physical security and network security teams trying to be as proactive as possible to strengthen the organizational preparedness levels of the companies where they work.

Danger Room correspondents deliver boots-on-the-ground reporting from war zones, danger zones (like Haiti) and power zones (like Washington, D.C.).

From wonder weapons to secret jails to leaked military documents, Danger Room could be your 24/7 source for news, articles, and data about what’s next in national security and how that information might have an impact on your organization.

If applicable, please pass this information along to those disaster preparedness, organizational readiness and resilience team members in your company.

CLICK HERE to view the website – or, on TWITTER: @dangerroom.

NIST Offers Information to Assist Evacuation Preparedness for High-Rise Buildings

Recognizing that disaster preparedness and disaster recovery planning play important roles in business continuity and risk management planning, our staff would like to make you aware of a recent National Institute of Standards and Technology (NIST) posting on the Homeland Security Newswire web site.

For those readers of this website who work in organizations that are resident in high-rise building locations, we especially would like to bring your attention to this posting – because the information it offers will provide valuable input to the planning by those organizations for emergency response and crisis management direction regarding evacuation from high-rise buildings.

If your organization is located in a high-rise building and you would like to have your risk management and disaster recovery teams receive this information — please pass this information along to those disaster preparedness and disaster recovery planning team members.

Click here to read the full article and follow the related links to receive this information.

Managing Workplace Violence Risk

This website is happy to announce the addition of Michael W. Wanik as one of our contributing writers addressing the topic of security management.  The following article, which discusses workplace violence as a risk management concern, is the first in what we hope to be a long string of articles presented to our readership by Michael.

Managing Your Workplace Violence Risk

By: Michael Wanik, CPP, CBCP

In August this year, a horrific act of workplace violence occurred at a Manchester, Connecticut business. An employee who had been confronted after he was apparently documented on video for stealing product opened fire on his coworkers and supervisors. At the end of the event, eight employees and the shooter were dead.

As you might expect, an act like this causes business leaders and employees to review their risk management strategies, policies and procedures.

Additionally, our phone began to ring with inquiries about workplace violence and what could be done to avoid it. Our answer to these inquiries was that there is no singular solution to prevent such an act, and, as a result, an organization must address many different aspects of risk management if they wish to avoid or at least mitigate the possibility of having that kind of incident occur to and at their own organization.

First, let’s level set. Not every workplace violence event is a multiple victim homicide. Each and every day there are events in the workplace that can and are categorized as workplace violence. Events such as but not limited to: bullying, harassment and intimidation can be considered workplace violence or at the very least, unacceptable conduct that can ultimately lead to physical violence.   

ASIS International, the leading professional security organization defines workplace violence as a “broad range of behaviors falling along a spectrum that, due to their nature and/or severity, significantly affect the workplace, generate a concern for personal safety, or result in physical injury or death.” 

Additionally, the workplace setting varies. A home healthcare provider’s workplace might be his transport vehicle or a patient home. A taxi driver operates his workplace. Thus, there are different threats and vulnerabilities based upon a worker’s job location. A convenience store operator working at 2am by himself probably has a higher general risk of workplace violence than a clerk in an accounting firm. However, circumstances can quickly change the threat level. 

Every corporation should have a publicized workplace violence policy and plan of action that is understood fully and practiced by trained personnel, and should also conduct pre-employment criminal and employment screening. Many times, firms hiring people look to a background check as only a compliance requirement issue. A good screening conducted with proper interview techniques can avoid many issues such as potential workforce violence because very often historical conduct can preview the potential for a forthcoming situation or disruptive incident.

Another suggestion is that a publicized anonymous reporting mechanism can also be put in place which allows for employees who know of non-compliance by others to be reported for review and appropriate action. In some cases where an employee’s “hair goes up on the back of the neck”; they fail to report the feeling or observation for fear that they will subsequently be targeted. 

Trained managers who observe or are made aware of possible workplace violence offenders must know how to correctly and swiftly address the situation. Failure to do so can result in a negligent retention type of lawsuit at the least.

Managers terminating agitated, confronted or historically vocal employees should be aware of resources that can be made available to them to control potential situations. 

Companies tuned into their risk management issues and who have taken action to mitigate those risks will effectively confront their vulnerabilities and create a culture of security compliance every day within their organizations. 

Those that are not sensitive and reactive to potential risk management issues of workplace violence are more exposed, and when a potential situation arises — they will find that you can’t enact good security and safety practices as the threat arrives on their doorstep. 

Further, some workplace violence events have occurred many years later, when the assailant blames his current situation on his former employer.

You can’t easily create an environment which entirely halts every incident or kind of workplace violence; however, with proper employee screening, tools, training and protocols, along with effective policies and procedures such as mentioned above, you can greatly reduce your exposure to workplace violence and, hopefully, improve your ability to effectively recover from such a disruptive incident when and if it occurs. 

If any of our readers have additional comments or thoughts to add to this topic of workplace violence, please do so.

 _________________________________________________________________

Michael W. Wanik is SSC’s Vice President of Consulting and Investigations. He is board certified in security management and business continuity planning. Prior to joining SSC, he spent more than 13 years at UnitedHealth Group as the company’s corporate security director responsible for international operations. 

At UnitedHealth, Mike was responsible for security-related risk at owned and contracted operations in 44 countries. Mike led the development, implementation and enforcement of security and safety policies and standards for the protection of human, physical and intellectual assets. In addition, Mike was responsible for facilitation of all SAS-70, continuity of operations and similar audits; he also was a member of UnitedHealth Group’s Enterprise Emergency Management Team and led the Hartford Campus team.

Mike has a robust background in providing risk management consulting to protect people, process, technology, information and environments in sensitive operations around the world. He has been intimately involved with world stage situations such as 9/11 and the recent attacks in Mumbai, India. His experience in crisis management and recovery from these situations is from practice; not theory.

Mike was an early supporter and practitioner of convergence, wherein he partnered with information security and privacy personnel to better protect an entity from theft and disruption. In addition to his extensive risk mitigation background, Mike also has years of experience conducting criminal and traffic investigations from his service in the United States Army, where he served as a Criminal Investigation Supervisor and Military Police Substation Commander.

Mike attended and later taught at Central Texas College and was the senior law enforcement instructor at a satellite Military Police School created to support Operation Desert Shield/Storm. Mike currently serves as Chairman of the Board of Police Commissioners in New Britain, Connecticut; a department with an authorized strength of 158 sworn officers. He is an active member of ASIS International, Infragard, the Disabled American Veterans and the Association of Contingency Planners. Within each of these organizations, he either currently holds or has held leadership positions.

Mike can be contacted at 203-925-6182 or mwanik@sscintel.com.