Preseminar workshops expand knowledge.
A lesson on consulting. Attendees learned about the tools they would need before striking out as independent security consultants during Successful Security Consulting, a preseminar workshop jointly sponsored by ASIS International and the International Association of Professional Security Consultants. The goal of the workshop was to provide practical information so aspiring consultants could save time, money, and frustration.
Among the slate of speakers was John Currie, executive director for SAF Consulting International Inc. Currie outlined the role of the expert witness and defined torts, forensic security cases, and third-party crimes. To amplify this last concept, he discussed the issue of foreseeability in detail, using concerns about crime in a business's parking lot to illustrate his points.
Currie also emphasized the consultant's role in legal cases, which typically begins with a review of materials. "About two-thirds of the way reading through the case, you will begin to develop an opinion," said Currie. "From that point on, you're trying to prove or disprove that opinion." He also explained the deposition process and what the consultant should do when going to trial.
Currie underscored that serving as an expert witness is an honor that should not be taken lightly. "It is a privilege to take the stand as an expert," he said. "The court is saying 'we trust you to educate the jury'" about the nuances and particulars of security. He encouraged the group to remember that principle in their conduct as consultants.
Plan for the worst. With recent disasters--from 9-11 to the blackouts in the United States and the United Kingdom--not far from their minds, attendees at Sunday's preseminar workshop on business continuity were eager to learn how to fine-tune their skills. Jim Nelson, lead instructor for the Disaster Recovery Institute International in Falls Church, Virginia, presented a daylong seminar that covered all aspects of business continuity from initiating a program to emergency response plans and training programs.
Nelson spoke about the future of business continuity from both a technological and managerial vantage point. On the technology front, Nelson told attendees that products currently on the horizon could help in disaster planning. Specifically, Nelson talked about software that automatically updates and maintains plans or automatically begins the recovery process under certain conditions.
On the managerial side, Nelson focused on the benefits of business continuity beyond the obvious ability to respond during a disaster. In a competitive business climate, Nelson said, tested continuity plans can be a selling point for companies. "Your clients can't afford to do business with someone who is going to drop off of the radar screen for 72 hours during a disaster," he said.
To make a business continuity plan a part of a company's appeal, Nelson urged attendees to incorporate the plan as part of product warranties and long-term service agreements. "Invite potential customers to view your plan and offer to let them watch a tabletop exercise," he suggested.
Finance in order. Now, more than ever, banks and other financial institutions believe that loss prevention and security functions play a valued role in an institution's profitability, according to James Zardecki, senior vice president and director of loss prevention and security for Sovereign Bank. Zardecki was one of the speakers at a preseminar Banking Security Workshop sponsored by the ASIS Banking and Financial Services Council.
Zardecki first discussed ways to organize and staff the loss prevention and security functions at a financial institution. Central concerns include controlling costs, balancing costs and risks, and using technology wisely.
As a first step, Zardecki suggested identifying both the core and collateral tasks for security and loss prevention and ranking them in priority order. In the process, factors such as the task's benefit and cost to the company should be considered along with an evaluation of losses.
Another vital task, which is often downplayed, is the selection and management of staff and managers. Quality managers must be able to delegate work to staff and also be willing and able to foster interaction among functions, including physical security, loss prevention, auditing, due diligence, and internal and external investigations. Staff contentment is also imperative in today's workplace environment. Said Zardecki, "In addition to technological skills, employees must have people skills and a passion for the job" to maximize their overall effectiveness on the job.
Zardecki also explained how to develop a business case that demonstrates security's value and efforts in stemming losses. But beyond just crunching numbers, Zardecki suggested that reports should recommend further security activities that can garner cost savings.
Zardecki's theme--security's importance in the banking industry--permeated all of the workshop sessions. Other speakers explored Internet payments fraud, the current state of bank security, executive protection, and how to develop a risk analysis program.
Security cross training. The science fiction writer Arthur C. Clarke said that at a certain level of sophistication, technology becomes virtually indistinguishable from magic. But that doesn't mean that even the most advanced technology yields magical results. For example, complex access control and CCTV systems that are hard to integrate may provide the mere illusion of security.
At a Saturday morning workshop sponsored by the ASIS Physical Security Council, Council Chairman Richard D. Maurer, CPP, of Kroll Inc., advised attendees on how to use physical security measures to create a protection program that isn't just smoke and mirrors. Along with copresenters Severin Sorensen, CPP, and Donald Roberts, Maurer offered introductory information to facilities managers, IT managers, and other professionals newly tasked with physical security. Among the broad themes covered were staff training, CPTED, CCTV, and access control systems.
Whose data is it, anyway? One of the biggest debates in the security community today surrounds the integration of IT security and physical security. After all, when the bits and bytes of an access control system monitored by security personnel travel across a computer network run by the IT staff, the need for integration becomes clear. But the first step toward integration is for the two sides to understand the needs and concerns of the other.
A preseminar workshop sponsored by the ASIS Information Technology Security Council on Saturday was an important step toward that understanding. "Practical Information Systems Security 101 for the Non-Technical Security Professional" offered an in-depth look at the information technology security threats and countermeasures in terms that the layperson could easily understand. Steve Hunt, CPP, CISSP (certified information systems security professional), vice president and research leader at Forrester Research, and Jim Litchko, president and CEO of Litchko & Associates and head of the IT Security Council, led the session.
"IT security is just like any security," Hunt said. He billed the workshop as "an introduction to the risks that IT security people try to mitigate, a view of the workings within a company's IT security organization, and some technical instruction on how to mitigate IT risks."
To explain some of the technology--such as firewalls and virtual private networks (VPNs)--used to defend corporate networks, the instructors relied on case studies and pictures, and compared the technologies to their bricks-and-mortar counterparts, such as a restaurant firewall that protects the facility from the dangerous heat of the kitchen's ovens and stoves. The goal was to give students a new understanding and appreciation of IT security's challenges, Hunt said.
Focus on cargo risk. "Security as a New Business Paradigm," a two-day preseminar workshop on cargo security cosponsored by ASIS International and the National Cargo Security Council, brought together a dozen speakers on topics ranging from terrorism to cargo theft.
One speaker, Caroline Hamilton, the president of Risk Watch, discussed risk assessments and how cargo companies, seaports, and ship owners can successfully evaluate their security risks. Hamilton noted that, under new Coast Guard rules, these types of companies must have an assessment completed and evaluated by June 2004. However, according to Hamilton, Coast Guard officials have warned companies that their assessments should be submitted by December 2003 so that they can be evaluated.
This deadline leaves little time to complete a useful risk assessment, Hamilton noted. She offered one particularly useful tip--"keep focused." Many companies evaluate every minute possibility and explore "every blade of grass," she said. Instead, assessments should be based on security requirements. By examining these first, security experts can uncover a wealth of risk information.
|Title Annotation:||Preseminar Workshops|
|Date:||Nov 1, 2003|