Edition 2 2015 - The Security Institute
Transcription
Edition 2 2015 - The Security Institute
Edition No. 2 : 2015 InSight IN THIS ISSUE Security Commonwealth 2 The newsletter for The Security Institute Help Others 3 Where security professionals belong New Member Welcome 4 Mentoring 6 CSyP Update 6 Member Activity 7 Mike’s Cyber Space 8 People News 9 Job Vacancy 9 Diary Dates 10 Come and Meet Us 11 Institute Events 12 NEW CHAIRMAN CONFIRMED At the Annual General Meeting on 24th March, current Chairman Emma Shaw CSyP announced that Garry Evanson MSc BA PgDip PGCE CSyP FSyI has been chosen by the Board of Directors to be the next Chairman of the Security Institute. The change will come into effect on 14th April, and further details will issued shortly. NEW WEBINARS HIGHLY SUCCESSFUL The first two Security Institute webinars have proved a popular addition to the events programme, with over 100 members signing up to take part at the first one ~ a challenge for sure. In fact, it proved so successful that the breakfast briefing in February was changed to this format too. Getting ready for the launch It was an interesting learning process all round— with each participant able to view the presentation and watch webinar presenter Ken Livingstone deliver his talk on “Aspects of Security Management and Criminology”. We had a dummy run the day before, with Ken set up as the presenter, Vickie Bailiss logged in as the administrator, and Di Thomas logged in as a member—it was interesting to work out who could see (and hear!) what. When Mike Gillespie stepped up to deliver his webinar on “When Toasters Attack” in Feburary, it was (almost) routine. Many thanks to both presenters for their time and trust, and for setting the bar high for future events. How do Webinars work? Webinars enable you to join in a virtual event, from your own desk. You need internet access on a PC with speakers or headphone in order to participate. You need to pre-register to attend the event, and will receive an email with the link to the webinar, and your own personal login details. Without this, you will be unable to join in. At the webinar start time, get comfortable with a cup of tea, click on the link, and we then know you’ve joined in. Vickie can see who is participating, and is able to screen comments and questions for the speaker to answer. After the event, paying delegates receive a copy of the webcast, and the presentation is available online. More presenters wanted If you have something to say, or share, please contact Vickie to arrange a slot in the Institute’s event programme. No travelling or cost is involved, apart from the usual time it takes to prepare and deliver a presentation. MANIFESTO FOR SECURITY: SECURITY COMMONWEALTH UPDATE Eighteen security organisations and associations attended the first meeting of a new Security Commonwealth hosted by UBM in London on 4th February. The Security Institute initiated the gathering, which included representatives from the Defence Industry Security Association, the Royal United Services Institute, the British Security Industry Association, ASIS UK Chapter 208, the International Professional Security Association, the Register of Chartered Security Professionals, the Association of Security Consultants, the Association of University Chief Security Officers, the Pharmaceutical Industry Security Forum, the Worshipful Company of Security Professionals, the City of London Crime Prevention Association, the Fire and Security Association, the Womens Security Society, and the Security Awareness Special Interest Group. Security Manifesto Also in attendance was Bill Butler, the CEO of the Security Industry Authority, along with Terri Jones, the Director General of the sector skills body, Skills For Security. The concept of a gathering of security organisations working together for the benefit of the sector is not new, and has certainly been tried in the past. Some will remember the Joint Security Industry Council, and in more recent times, the Security Regulation Alliance which campaigned so successfully in support of the (then) threatened Security Industry Authority. The key to success, all agreed, is maintaining a fair balance, and making sure there is a job to be done. The Manifesto for Professional Security, published by the Security Institute in November last year, provides many challenges and ideas for the group to develop. Their next meeting will start to look at common themes amongst commonwealth members, in order to set priorities and targets for the group. Emma Shaw CSyP led the first meeting’s discussions, which she hopes to be the start of a new era in collaboration in the security sector. “We received an excellent response to the idea of setting up a Security Commonwealth” she said, “ and I am pleased that all of the organisations involved are able to see the benefits of sharing ideas and pooling efforts where it is practical to do so. The profession is currently perceived by some as disjointed and lacking a single authoritative voice that represents the broader security community. The benefits to the sector, businesses and more importantly, the general public, could be significant and I welcome any opportunities where members and leaders of our profession can come together to discuss and share common ideas to develop our profession further. The inaugural meeting was successful and I am delighted there was a very real spirit of cooperation; I hope this forum will grow, and become even more representative.” Any organisation interested in joining the security commonwealth should contact the Security Institute. Please do spread the word if you are involved in like-minded or- Some of the industry representatives at the Security TWENTY 15 event, left to right: Mike White, IPSA chairman; Justin Bentley, IPSA CEO; Neil Wainman, ganisations. The next meeting will be on for ASIS UK chapter; Emma Shaw; Nick Johnson, Association of Security Con22nd April 2015 at CTX, Olympia. sultants; Andrew Brown, SSAIB; and Nigel Aitkin, NSI. Photo : Mark Rowe, Professional Security Edition No. 2 : 2015 FINAL CALL TO PARTICIPATE MA Dissertation—Survey Request Please help David with his survey request Self-directed learning (SDL) has been used for many years to gain management qualifications in the security industry, and is now being widely adopted to gain qualifications at other levels. This research by SyI member David McAulay will investigate whether SDL is appropriate for all adult learners. Please click here to complete David’s survey— participation is anonymous and he would be very appreciative of your support. University of Portsmouth –Survey Request Professor Mark Button is conducting research on what organisations do to prevent occupational corruption. The survey can be found at https://www.surveymonkey.com/ s/TXBSQ3Y . The survey will take around 15 minutes. He would be very grateful if you have a role related to corruption if you could complete it. All data will treated confidentially and anonymously. HELP US TO HELP YOU We want to give you the best possible membership support service. To make sure we spend as much time as we can on the things that make a difference to you, we’d really appreciate your help with some of the admin issues that can slow us down. Make sure your contact details are current. Let us know about any changes. This should include your Email (Personal, Business or Both) Mobile Number Job Title Employer Post Address In some cases .... Name Pay your annual subscription renewals on time. We invite you to renew your membership by email. We will send you a renewal notice the month before your subs are due, a 2nd email when you subs are actually due, a 3rd email if they’re overdue. This is then followed by a phone call, and final reminder invoice which we post. At time of writing, 81 members have subs payments outstanding from January alone (from a total of 381 for the month). Does this seem fair to you? Is all this chasing up we do a good use of our admin resources? We really don’t want to cancel memberships for non-payment of subs, but sometimes we have no alternative. Please, if you should be paying, we’d love to hear from you. Pay your subs online—Visit www.security-institute-shop.org Pay by phone with your credit/debit card—Call 08453 707717 (or +44 2476 346464 from outside the UK) Pay for events when you book them. Generally this works well, thank you, but with a number of events open for booking at any one time, it really does help if you pay promptly. Thank you. LOOK WHO’S JOINED Congratulations to everyone who has joined the Institute in January and February 2015. We look forward to meeting you at events and exhibitions, and reading your contributions in InSyIght and our LinkedIn group. Affiliates Introduced by Ahmed Badawy Roy Cooper G4S Professional Security Guy Mathias Di Thomas Anthony Searle Paxton Access Gavin Archer David Tugui The Security Group (National) Ryan Vickers Unity Resources Group Aaron Trindall Associates Ken Bond Chris Jolley Birmingham City Council Control Risks Zaid Alsanea Innovative Technology Company Bill Rhynd Philip Mackie Michael Ogunmuyiwa Sellafield G4S Secure Solutions Kelly Surtees Alex Milne HM Forces Members Michael Sussman Bill Hall TDSi De La Rue David Aston Page Protective Services Mike Bluestone CSyP Sarah Hallas Peter Brench Alan Lingwood Lingwood Security Management Thomas Docherty Lingwood Security Management Richard Woodford City of Police Police Roger Gomm Jonathan Felix CIS Security Justin Morgan David Tomlinson AWE Jason Gotch Foxtel Ian Foxley Vemotion Interactive Rob King David Kear Self Employed Craig Badley Adrian Nessel OSCE Derek van Tubbergh Evensure Management Chris Edwards Duro Felguera UK John Benson Sodexo at Johnson and Johnson Kevin Blythe David Lewis Olive Group Ben Murrell Bipin Joshi Shield Security Services Adil Abdel-Hadi CSyP Cavan Murtagh Salamanca Risk Management Wayne Hughes John Baycroft Team Savante John King John Clary HLS Guy Mathias Ian Hardy HLS Guy Mathias David Coombes HM Forces Alan Husher Office for Nuclear Regulation Steve Skelton CSyP Paul Cooper Redline Aviation Security Derek Mann Aegis Nick Butler Martin Burgess Office for Nuclear Regulation Steve Skelton CSyP William Boag Queen Mary University of London Brian Hopla Mitie Total Security Management Simon King Nigel Furlong Juan Munoz CSyP David Poole Transport for London Associated Projects International Thames Valley Police Richard Bell David Dodge David Dodge and Associates CC Reinstatements Jim Gibson Reinstated as Member Philip Moch Reinstated as Member Moira Galletly Reinstated and regarded to Member Fellows Revalidations Gain Rico Luzzi Regraded to Member Leyton Morgan Regraded to Member Tuesday May Kelereng Ntshebe Regraded to Associate Regraded to Associate Fabrice Vaisset Regraded to Member Students Members via Security Institute Distance Learning Programme Dominic Chandler Ian Smith John King Oliver Kwakale Pete Fox James Laird Fraser Whitford Steven Asquith Chaditsa Poulatova Nick Rathbone Ian Brown Lesley Nesbitt Andy Finney Alan Niblett Rudi Esterhuizen Ken Hill Aldo Melendez Gary McCracken Lee Ellis Terry Finlay Matthew Govier John Caden Student Members via University of Leicester Junior Watts Bradley Butler Philip Bellard Don Davis Ignas Karvelis James Hill Bernadette James Antony Bailey Rick Trauernicht Okey Eze Julian Turner Georgios Paparas Claude Kondor Mohamed Shire Robert Taylor Anthony Thomas Alun Jones Ashley Hunt Bakhtiar Safi Chernor Kamara Adrian Maltby Baljinder Singh Andy Williams Christine Kamau Laxman Moyo Student Members via other University Programmes/Colleges Caroline Perois University of South Africa Demetrius Clarke Stonebridge Chris Needham-Bennett University of Portsmouth Sharon Wilson Loughborough University Aaron Brown Bucks New University Edition No. 2 : 2015 UPDATED MEMBER BENEFIT 2015 Mentoring Scheme : A Message from the Institute’s Mentoring Lead “We have relaunched the mentoring program and I encourage everyone to get involved, not only for the particular benefits to those in a mentoring partnership but for the continued improvement of the profession as a whole. Participating in the mentoring scheme will also earn your CPD points. The ethos of the mentoring program is to facilitate the passing on of invaluable knowledge and experience between our members. It has had many success stories since its introduction and has been revised and revamped to align itself with the way in which we work and communicate in modern business. How does it work? Its really simple. We match volunteer mentors (members who want to share their experiences) with mentees (members who would like some one-to-one support). There is no cost, no report writing or close monitoring—all we ask is an initial investment of 8 hours, which can be spread over days, weeks or even months. Our aim is to tailor partnerships to suit both parties whilst maintaining a structure that confirms the aims and a level of commitment to achieve aims. One of the key revisions has been to implement set dates on which mentoring partnerships are made, this should enable us to create a 'pool' of Mentors and Mentees that can be better matched.” If you are interested in the program click here to download the applications forms. Andrew Tapping Security Institute Lead on Mentoring CHARTERED SECURITY PROFESSIONALS UPDATE Six new Chartered Security Professionals have been admitted this year. Fraser Brown Jim Castle Don Randall Bob Boote Stefanos Katsimpiris Mike Williams Director of Operations Managing Director Cyber Ambassador Director Risk Security & HSE Manager Managing Director IDG Security Middle East Corporate & Executive Solutions Bank of England CE Group ASSYSTEM (Appointed to Technip) MIRIS International An excellent celebratory dinner hosted by Lord Carlile at the House of Commons on 19th March was attended by 142 guests , and certificates of admittance were presented to 12 recent CSyPs. The next CSyP meeting will be held at Cheltenham Racecourse on 2nd June. The VIP guest speaker is from GCHQ. A new CSyP only LinkedIn group has been launched. The annual Assessor refresher training is being hosted by UBM at their new HQ in Blackfriars on 16th April. For further information, or an informal chat about what’s involved, contact Di Thomas or any CSyP—click here for the latest list. Edition No. 2 : 2015 RETAIL SECURITY GET TOGETHER Andrew Nicholls, Membership Director for the Institute, reports on a recent initiative On Tuesday 24th February 2015, 6 Security Institute members joined together to discuss common concerns involved in Retail Security Management. The event was a new initiative and was aimed at sharing knowledge and developing skills. The two organisations involved were the McDonald’s security team and the Mitchells & Butlers security team. The seminar was attended by 3 Senior Managers from each of the two organisations, all of whom are members of the Institute. Throughout the day the group listened to presentations from each of those present which included the following subjects: conflict management, reducing vulnerability by proactive risk management, security training and how to communicate the security message. Although the seminar was not organised by the Institute the idea was conceived as the result of a meeting and follows the Institutes ethos of sharing information and encouraging CPD. Andrew Nicholls MSyI, who is the Membership Director for the Institute and the Head of Security for Mitchells & Butlers commented, “We all learnt a lot from each other but the most interesting aspect was how we found so much common ground in what we all do every day.” Mark Whittle MSyI, who is a member of the Institutes Validation Board and the UK Security Manager for McDonald’s commented, “Sharing Security and Licensing best practice in confidence with respected colleagues is always a valuable experience. We believe that external benchmarking strengthens our security plan development.” The seminar, which was held under Chatham House Rule was organised with limited cost and simply involved those attending sharing their experiences of being a Retail Security Manager. Emma Shaw CSyP Chairman of the Institute said, “I was delighted to hear about this idea, as it is such a good example of Institute members working together. Collaborative working and best practice development are all key points in the recently launched Institute Manifesto”. It is hoped that this initiative will encourage other members to organise similar events. Andrew Nicholls Membership Director Pictured Above L to R: Mark Whittle, Robbie Hawes, Stephen Bowcher, Paul Donlevey, Emma Thomas. MIKE’S CYBER SPACE CCTV hack enabled mega bank heist In a plot worthy of one of the ‘Ocean’s’ film franchise, the bank mega heist is still taking up column inches in both mainstream and cyber security press. The surveillance part of the heist was carried out using a physical security system though, namely the bank and financial institutions’ own CCTV estate. The gang in this case managed many months of intense surveillance and worked out how to replicate and imitate the staff network behaviour and pass unnoticed through the systems for up to two years. The leap from corporate network to physical system networks seems to have been unhindered. Indeed, once the hackers were inside they clearly had a good look round the system architecture to use whatever systems they felt would best expedite their plan. The leap from corporate network into physical security system is a disturbing one and whilst it’s impossible to comment on the security and network arrangements in this instance, it does give pause for thought on how our physical systems are secured and managed. Many corporate networks are not managed by the same security teams that manage security systems and so the maintenance, patching and updating that goes on generally as a matter of course with a corporate network, may not necessarily be happening to other systems. They may not be firewalled or have operating systems updated; in short they may be totally vulnerable to attack and the IT security team who manage other systems may not even have oversight of any of the management that is applied to these physical security systems. We must examine what systems and processes we have in place and see if it they are fit for purpose. We must look at our organisational structure and behaviour and see if it is also protecting our assets or putting them at risk. Bringing all networked systems under the umbrella of the same policy for patching and monitoring makes absolute sense. Obviously, in this case we do not know what the architecture was but it is fairly safe to assume that many organisations will be running systems in isolation and away from security scrutiny. After the news of this attack started to percolate through networks like LinkedIn, Darren Rewston, MD of CCTV monitoring company CheckMySystems commented after he read about this attack, “We have witnessed a number of attacks on CCTV systems and they are becoming more common. Typical attacks I have seen include; taking over a CCTV system to run as a Bitcoin farm, using a CCTV system to store pirated movies and brute force password attacks that lock out the user. These could have been prevented by standard IT security procedures but these can sometimes be bypassed by the CCTV installer, leaving the system vulnerable". So we should be talking about extending IT Health Checks and Penetration testing to all our systems, regardless of who manages them. It might be worth considering if IT security teams should have final sign off on networked security and other systems to ensure proper precautions are being maintained or at the very least encouraging collaboration and cooperation between teams to ensure these departmental cracks can’t be exploited. Containing an attack once it has started can limit the damage caused and stopping this leap into physical systems is an absolutely vital part of that damage limitation. Mike Gillespie Cyber Development Director PEOPLE NEWS OBITUARIES It is with great sadness that we report the deaths of Security Institute members Mark Slater CSyP John Sharvell Mike Welply Many will remember Mike as a former Director of the Security Institute, during its merger with the International Institute of Security. Our thoughts go out to all three families at this very sad time. NEW SIA CEO ANNOUNCED Elizabeth France CBE, Security Industry Authority Chair, has announced the appointment of Dr. Alan Clamp as SIA Chief Executive. Alan will take over from Bill Butler on 1 June. Alan is currently the Chief Executive of the Human Tissue Authority (HTA), where he has been responsible for implementing the strategic plan of the HTA to improve the efficiency and effectiveness of regulation, and for ensuring that the HTA is governed effectively and provides good value for money. He has considerable experience in the field of regulation and has successfully managed significant organisational change in national public sector organisations. He said "I am excited to be taking up the post of Chief Executive at the SIA. The organisation plays an important role in protecting the public and improving standards in the security industry. I look forward to working with the board and staff at the SIA, as well as external stakeholders, to build on the good work of the organisation and to ensure that the SIA is seen as an effective and efficient regulator." ADVERTISEMENT: JOB VACANCY: HEAD OF BUSINESS CONTINUITY Main Responsibilities: Major incident management Workspace recovery management Education and awareness Testing and exercising Business impact and risk analysis/assessments Regulatory compliance Further information: Assume overall responsibility for business continuity and security at all corporate offices Monitor and assess the various threats to the business environment in which the company operates and ensure that the CEO, Executive Team and Senior Management Team receive regular threat analysis Build, coordinate and maintain close links with key statutory groups/stakeholders: Mayor’s office, respective London Boroughs, Metropolitan Police, Fire Services, Insurers etc With the Executive Team and Business Unit Leaders ensure that all contingency planning is coordinated, vertically integrated, accords with best statutory and industry standards Where possible, ensure the integrity of the company’s business operations are maintained at all times Candidate specification: Ex-military/emergency services/corporate business continuity background Ability to work within the corporate environment, covering multiple offices / assets / business platforms Sufficient gravitas to lead and impose authority in pressurised situations Effective management and decision making skills Ability to build trust and rapport quickly with staff of all levels, internally and with the wider sphere. If you are interested in this vacancy, please contact Helen@security-institute.org. Edition No. 2 : 2015 DIARY DATES 8th May 2015: Spring SASIG : The Insider Threat Venue: BT Centre, 81 Newgate Street, London This free-to-attend meeting will be looking at varying aspects of the Insider Threat, culminating in a discussion about the true nature of the clear and present danger represented by those with authorised access to our systems, information and premises. We will be joined by an academy of distinguished speakers, and we expect an audience of some 140 delegates from the front line of corporate and cybersecurity. As always, Martin Smith of the Security Company extends this invitation to the Security Institute membership. SASIG meetings are almost always oversubscribed we can’t promise places for everyone that wants to come. Please note also that whilst meetings are open to suppliers and contractors, priority to attend will be given to corporate staff and end users. To register their interest in attending email Francesca.Collins@thesecurityco.com or call +44 1234 707026. 8th June 2015: German-British Civil Security Industry Conference Venue: Blick Rothenberg, 16 Great Queen Street, Covent Garden, London See http://www.enviacon.com/website/index.php?id=713 for further info. The German-British Civil Security Industry Conference brings together British and German security experts with representatives from industry associations, companies, and political institutions for a day of presentation, discussion, and networking. The programme includes: Eight European enterprises from the cyber security sector and the field of security systems including alarms and radar solutions will present their products and latest innovations. Experts from both German and British leading security industry associations will present on current industry trends and opportunities. Speaking about political matters and economic developments are representatives from the German Embassy London, the German Federal Ministry of Economic Affairs and Energy, the German-British Chamber of Commerce, and Germany Trade and Invest London. The conference also serves as a kick-off event for a business development trip that the consultancy enviacon international organises on behalf of the Federal Ministry for Economic Affairs and Energy that develops business partnerships and investments for German security technology companies in the UK. 17th April 2015: Call for Papers Transport Security Expo (Olympia, 2nd/3rd December 2015) call for papers for the “Security Innovation Seminars” Theatre is now open. If you have a paper based on a case study that you would like to be considered for presentation within a 30minute slot or a live demonstration, the organisers want to hear from you. Original content is essential, with up-to-date research or a case study detailing your innovation where the information is of key interest to the audience of Transport Security end-users. Contact Monika Luis, Exhibition Director, E: mluis@nineteen-events.com COME AND MEET US It is always a pleasure catching up with members at exhibitions, either because you kindly volunteer to help on our stands, or are supporting the organisers by speaking at their conferences, or visiting the event to keep your knowledge up to date. 21st/22nd April : Counter Terror Expo, London We are exhibiting on Stand C80, and of course, are hosting the ever popular networking drinks from 5.30pm on Day 1. 15th April : Security Twenty15, Bristol We are also guests of Professional Security in Bristol, and look forward to catching up with you there. SECURITY INSTITUTE MEMBER EVENTS Friday 3rd July: Same river…different Queen The Security Institute summer boat trip moves up river Following the success of our previous PS Dixie Queen trips, this year we move up river to Windsor, where we will be setting sail on the new Queen of the River from the Oakley Court Hotel. This will be our base, and is where we will board our boat for a 2 hour River Thames cruise through the peaceful countryside towards Windsor Castle, all the while taking advantage of the on-board bar and the opportunity to chat to fellow passengers. The pace of life in this stretch of river is much less frenetic, much more relaxing than in London as the green fields slip quietly by. Ideal for the end of a busy week. We return to Oakley Court Hotel where our barbecue and bar awaits us down by the river, continuing into the evening; two events for the price of one! Date: Friday 3rd July 2015. Time: 16:00 – onwards. Address: Oakley Court Hotel, Windsor Road, Water Oakley, Windsor, SL4 5UR Prices: £85 Individual tickets / £400 Group Booking of 5 / £800 Group Booking of 10. Make a weekend of it! A special rate of £140 per room (bed & breakfast) has been arranged. Call Oakley Court on 01753 609988 to book and quote: "The Security Institute Summer Event". Details and directions available online. Tuesday 7th July: 7/7 London Bombings ~ 10 years on A conference to remember, reflect, respond On 7th July 2005, the co-ordinated terrorist attack on the London Transport Network resulted in the death of 52 people, and caused injuries to hundreds of others, many life changing. London displayed its resilience that day, standing up to these unimaginable events, with stories of bravery and kindness. In a world of Global Security uncertainty, we convene in the 5th floor briefing room at New Scotland Yard, London, SW1 to reflect on the events exactly 10 years previous, to remember those so terribly affected, and share solidarity in a professional forum to examine future responses for the benefit of our society. Survivor representatives will be present together with professionals who responded on the day. Confirmed Speakers: Daniel Beadle, Nigel Furlong, Haras Rafiq, Mike Thompson Date: Tuesday 7th July 2015. Time: Full Day Conference Address: New Scotland Yard, 5th Floor Briefing Suite, 8-10 Broadway, London SW1H 0BG Price: £99 members / £125 non-members All profits to Charity Kindly sponsored by The Security Institute newsletter is published monthly and issued to over 1800 members, and other pre-registered interested parties. To request your free copy contact di@securityinstitute.org. Alternatively it is available to download from the Institute’s website at www.security-institute.org The Security Institute is the UK’s leading professional association for the security sector. It provides validated membership, seminars, qualifications, career development (mentoring and CPD), networking, social events and a collective voice for lobbying. The Security Institute manages the Register of Chartered Security Professionals on behalf of the Worshipful Company of Security Professionals. Security Institute, 1 The Courtyard, Caldecote, Warwickshire, CV10 0AS t: 08453 707 717 (UK) t: +44 2476 346464 (From outside the UK) e: info@security-institute.org w: www.security-institute.org t: @SyInstitute Copies of Press Releases and Newsletters can be found here